Two Factor Authentication

Starting February 28th, Two-Factor Authentication (2FA) became a mandatory setting for all Recorded Future clients and is turned on by default, unless you have Single Sign-On enabled. We believe this change will help improve the security of our entire community and to eliminate the well-known dangers associated with fixed passwords.

Recorded Future implements 2FA authentication with Time-Based One-Time Passwords (TOTP). To use TOTP, download one of the following smartphone apps and follow the directions below:

Setting Up 2FA on your Recorded Future Account

1. After Recorded Future confirms that 2FA is enabled for your organization, log in using a valid username and password. You will be automatically directed to the 2FA setup page.

Setting Up 2FA on your Recorded Future Account

2. Use your TOTP authenticator app to scan the barcode. This stores a shared secret code known to Recorded Future and the authenticator, which is used to generate six-digit verification codes.

3. Your TOTP authenticator will generate a verification code. To confirm receipt of the shared secret, enter the verification code to complete a 2FA setup and login to Recorded Future.

4. After logging in, you will find scratch codes for your user account in your User Settings page. Scratch codes enable you to reset the 2FA security on your user account if you lose access to the TOTP shared secret. Store your scratch codes only in secure, private location.

Experiencing Issues?

Occasionally, smartphones become out of sync and apps such as Google’s Authenticator create passwords that will not be valid.

Resetting your phone’s time settings may help:

Android: From within Authenticator

  • Go to the Main Menu
  • Select Settings
  • Select Time correction for codes
  • Select Sync now

iPhone/iOS: From within the Settings app

  • Select General
  • Select Date & Time
  • Enable Set Automatically
  • If it’s already enabled, disable it, wait a few seconds and re-enable

Setting Up 2FA When Changing Phones

If you’re getting ready to change or upgrade your phone, you have the ability to set your new phone up ahead of time for two-factor authentication without any access disruptions.

While logged in to Recorded Future, you have access to scratch codes dedicated to your specific account. You can use these scratch codes and manually enter them into your phone’s authenticator application, which can then be used when logging in to Recorded Future at a later date.

While logged in to your account:

  • Choose Menu from the top right of your screen
  • Click User Settings
  • Under User Settings, go to the Security tab
  • Once there, your scratch codes will be available below: scratch codes
  • Use one of the codes in question and enter it as a manual entry in your authenticator application

Additional Support Links

Google’s 2FA troubleshooting guide Common issues with 2-Step Verification.

Additional TOTP resources for Windows, Android, and iOS can be found on GitHub’s TOTP site.