Two Factor Authentication

T4 now has two-factor authentication to allow for easier and more secure login.

To set up go to www.t4login.com and login with your firm, username, and password. Once logged into the user setup web page you will see a new link called “Setup Security”.

Image

1. “Setup Security” You need to click this after login to enable two-factor authentication.
2. Click on the drop-down and choose either enabled, disabled, Not Enabled.
3. Confirm the country and Mobile number is correct. If it is not you can click the setup user just above step one to make any changes to your user setup.
4. If your device does not support text messaging then you can click here to enable your email.
5. Click here to manage your devices. This is handy to view the enabled devices and remove any devices from the list. When you renew the device the next time you try to login to the device you will have to set it up the two-factor authentication again for that device.

All new and existing users will be set to “Not Enabled” by default.

In order to enable 2FA, the user changes the setting to Enabled, enters his phone number, and then clicks Continue.

This phone # must be able to receive text messages via SMS. Landline phones are not supported.

If you do not have a cell phone, or simply prefer to use email instead, There is a link on the setup to enable email.

If two-factor authentication is not enabled for the user until they successfully verify their phone number/email. When they click “Continue” a 6-digit verification code will be sent and they must enter it and click submit.

Image

Image

After setting up 2FA, the user will be required to authenticate every device he uses to log into T4.

The user will log in using his firm/username/password just like normal.

Image

If the user has not 2FA authorized this device yet, then the user will be sent a 6-digit authorization token and the application will prompt for it:

Image

Once the user enters the 6-digit code, the users’ device will be considered “authorized” and this second step will not be required again.

If the user forgets or loses his phone and cannot receive a text message, the authentication token can be sent to his email instead.

The screen that prompts for the authentication code will display a link to send the code to email instead after a 20-30 second delay:

2FA is supported for all older version of T4 and apps written to older versions of our API.

When the user logs in using an old version, the login will fail, however an authentication token will be delivered to the user.

Image

Image

As the message explains, the user needs to append the 6-digit code to his password on the next login attempt.

So if the users’ password is “g01ng8roke”, he will type “g01ng8roke193566” on his next login attempt.

Two-factor authentication is not possible in cases where we cannot receive a unique device identifier. FIX API applications are a good example.

Also, some applications log in additional users, and it is not possible to support 2FA in this case.

For applications that cannot support 2FA, we have created an alternate authentication mechanism called an “application password”.

For these applications, the user will create a dedicated password for the application and configure it in their user setup.