News: all updates for our software and apps
After the introduction of the Two Factor Authentication (2FA) we have received soooo many emails about 2FA, with questions, confusion, annoyance and even anger…. that I feel I have write a better explanation and give you the answers to the most common questions.
Here we go:
What is Two Factor Authentication (2FA)?
2FA is a commonly used method for better protecting user accounts against unauthorized logins. It is called two-factor authentication, because apart from the usual “first factor” of entering a username/password, the user is also required to enter an extra security code that only he/she has access to.
So even when a potential hacker has acquired your username and password, he will still not be able to access your account, because he cannot determine the required security code.
The required security code is different each time you try to login and is usually sent to your phone in a text message or retrieved from a special Authenticator app.
Why are we now offering 2FA for your CLZ Account?
Simple answer here: we are now offering 2FA because many of our customers have requested that we do so.
2FA is available for most sites and online services, to allow their users to better protect their account. Many CLZ users are serious about security. They are using 2FA everywhere they can and wanted to use it for their CLZ Account too.
So our devops guys went to work and implemented 2FA for CLZ Accounts. It has now has been available for 4 weeks, for the people who want it.
Important note: it is is available, but optional. If you don’t want it, you don’t have to do anything.
How to use 2FA for your CLZ Account:
There’s two parts to this:
1. Enabling 2FA on your CLZ Account (one time only)
At CLZ, we have opted to do 2FA using security codes from an “Authenticator app” that is installed on your phone. Any Authenticator app will do, we recommend using Google Authenticator or Microsoft Authenticator.
Here’s how to enable 2FA:
- Go to my.clz.com and log in.
- At the top, to the right of your username, click the “my account” link.
- On the Account page, under Two-Factor Authentication, click the “enable” link.
- Start your Authenticator app and click the “+” icon to add a new profile.
- Then either:
- Scan the QR code on your computer screen.
- OR: Copy the “Manual Entry” key and paste it into your Authenticator app.
- Find the 6-digit security code that shows in your Authenticator app, and enter it into the Security Code box in the “Enable Two-Factor Authentication” screen.
- Click the blue Enable button at the bottom
That’s it, you have now enabled 2FA for your CLZ Account!
2. Logging in using a 2FA Security Code
Once 2FA has been enabled, you need to enter a fresh Security Code from your Authenticator app:
- each time you log in to My CLZ at my.clz.com
- each time you log in to the CLZ Shop at shop.collectorz.com
- the first time you log in to CLZ Cloud or Connect with a new browser (only once)
Here’s how to login with 2FA:
- First login with your username (or email) and password as usual.
- Then, a screen will appear asking your for your 2FA Security Code.
- Now open your Authenticator app on your phone.
- Find the 6 digit Security Code for the “CLZ Account” profile.
(note that the code changes every 30 seconds) - Finally, enter the 6-digit code into the Security Code box.
BTW: You do NOT need to enter a Security Code when opening or logging into your CLZ mobile app or Collector desktop software!
Q&A: Common questions and their answers
Why is this necessary? CLZ is only my collection database?
2FA is not so much about protecting your collection data, but more about protecting access to your personal information, like your email address, username and password. Also, anyone with access to your account could change those details, basically locking you out. Even worse, they could delete your account, which would basically remove your subscriptions and your cloud data.
I hardly ever log in to my.clz.com, so why would I need this?
How often you log in is not a factor here. This is about preventing others from getting unauthorized access to your account.
In fact, if you do not log in to my.clz.com often, all the more reason to use 2FA, because the extra log in step won’t be much of a bother then 🙂
Why are you making things more complicated?
Indeed, setting up 2FA may be a bit complicated for some users. And yes, it does introduce an extra step when logging in. However, for most users the extra security is worth the extra steps and complexity.
Also, remember that using 2FA is optional. If you feel it is not worth the hassle, just don’t use it.
Why not send the Security Code by TEXT message?
We considered using text messages to send the security codes, but that was going to be very expensive for us, possible costing us thousands of dollars per month. So we decided to opt for the free and secure Authenticator app method for now.
Also, for sending the codes by text message, we would need to have your phone number. So basically, to protect your personal information, we would first need to store more personal information. In our opinion, the first step in securing people’s personal information is: store as little information as possible.
What if I lose my Authenticator profile? Do you provide backup codes?
We do not provide backup codes at the moment, we may implement this later. For now, if you lose your authenticator profile, just contact us and we will help you to re-enable (or disable) 2FA.
Hope this helps. In any case, my apologies for all the confusion I caused!