In CrushFTP version 9 we can integrate our One Time Password (__[OTP|OTP Settings]__) based authentication feature with Google's software based token device __Google Authenticator__ , using Time based OTP (TOTP). The user can register a QR code into Google Authenticator.\\
\\
!!Server side configuration\\
You will need to enable one of our __[OTP|OTP Settings]__ methods, using SMS or Mail based OTP, and enable the __Validated logins__ checkbox. The user needs to be able to log in at least once, without OTP, or with the other __[OTP|OTP Settings]__ settings.\\
\\
[attachments|servercfg001.png]\\
\\
The second step is to configure the user account with __Two Factor Authentication__\\
\\
[attachments|servercfg002.png]\\
\\
and enable the two factor __QR code generator__ which will appear in the user's __User Options__ menu when they are logged in.\\
\\
[attachments|servercfg003.png]\\
\\
!!Client / token device configuration\\
The user will need to log normally, generate the QR code from the client UI __User Options__ menu.\\
\\
[attachments|servercfg004.png]\\
\\
Then open __Authenticator__ on the mobile device, set up new account, choose barcode, point the device towards the screen, read in the QR code. Then save the user settings by clicking the __Confirm__ button in the UI. \\
 \\
[{Image src='tokencfg001.png' width='272px' height='..' align='left'}]  [{Image src='tokencfg002.png' width='272px' height='..' align='left'}]  [{Image src='tokencfg003.png' width='272px' height='..' align='left'}]\\
\\
__WARNING:__ the QR code is valid for one minute, if the time window is missed you will need to generate new, or it will not save. Once a secret key has been saved from the QR code, and confirmed, it can only be reset by a server administrator.  Its a one time process.\\
\\