Two-Factor Authentication

To improve the security of your infrastructure, you can enable two-factor authentication (“2FA”) for your Virtyx account. With 2FA turned on, you will be prompted to enter a verification code from your authenticator app when logging in.

Two-factor authentication makes your account more secure by requiring you to present two independent means of verifying your identity when attempting to log in. In addition to a password, an authentication code is used which proves that you have access to a preconfigured device. Even if a malicious person were to learn the authentication code you used to log in, they would not be able to use the code to log in again in the future. They would need access to your token generating device to get a new code to complete the login.

Currently, we support the popular TOTP Algorithm for proof of physical token possession. In this algorithm, the user cryptographically proves that they have access to a pre-shared secret key by deriving the authentication code as a function of the secret key and the current time.

We do not (and will never) support SMS verification codes as proof of possession due to the numerous attack vectors associated with that strategy.

Set up

Log in to your Virtyx account and go to your profile. Go to the Security tab and follow the steps to set up an authenticator app.

When you do, you’ll be given a recovery code. Make sure to keep this secret and to not lose it; if you lose access to your authenticator app, you’ll need your recovery code to regain access to your account. Anyone who knows this secret recovery code will be able to disable 2FA on your account, so be sure to keep it in a safe place.

If you lose your authenticator app and your recovery code, you will be permanently locked out of your Virtyx account with no possibility of regaining access. This policy is in place to protect the security of our customers. If you would prefer not to have these security measures in place for your account, we recommend against enabling 2FA.

Account Recovery

If you lose access to your authenticator app, you will need your recovery code to regain access to your account. For your security, it is our policy to never allow access to an account with 2FA enabled without being presented with either a valid authenticator code or a correct recovery code.

To regain access to your account, you’ll need to send an email to support@virtyx.com. We’ll verify that you have access to your recovery code, and then send an email to the address associated to your account to make sure it’s really you. After 24 hours, we’ll disable two-factor authentication on your account so you will be able to log back in and reconfigure 2FA with a new authenticator app.

Authenticator Apps

Virtyx uses the common TOTP scheme for 2FA. There are a number of free apps available for Android and iOS that you can use to generate verification codes. Feel free to use any that you’re comfortable with. Here are some suggestions: