In Castor, you can configure two-factor authentication (2FA) for your account. This means that, upon login, you will have to enter an extra authentication code generated by the Google Authenticator app on your phone or tablet. This adds an extra layer of security to your Castor account - potential attackers will need not only your account details, but also your physical device with the Google Authenticator to be able to access your account.
To enable 2FA, first make sure that the Google Authenticator app is installed and updated on your phone/tablet. In Castor, go to your Account Settings by clicking on the 'User' icon user name in the top left corner and selecting 'Settings' then scroll down to the 'User details' section. Select 'Yes' in the 'Enable Google Authenticator' section. A QR code will be displayed - you need to scan this code in the Authenticator app on your device or manually enter the provided key:
Once you have scanned the QR code or entered the key, Google Authenticator will display a 6 digit code, enter this code into the field and click 'Configure'.
Once configured, CastorEDC will appear in your Google Authenticator app. Every time you log into Castor, you will need to provide the 6-digit code generated in the Authenticator app.
Two-factor authentication is account-based or study based - some institutes and organisations enforce additional authentication for their domains, some studies require two factor authentication from users.
If you would like to add enforced 2FA and/or 90-day password rotation for email domains linked to your institute, please submit a request here.
When receiving a new device or in the event a device has been lost, it is necessary to move the authenticator app to a new device or disable it completely. To do this, access the Google's two-step verification Web page and modify the settings there - you will first need to verify your new device within the Google Authenticator app. More information can be found on the Google Account Help page: Using a new phone to receive 2-Step Verification codes
Please note: Changing the 2FA setting in your account to 'No' does not deactivate it completely. You will not be able to regenerate the QR-code when you set it back to 'Yes'. If you encounter a problem with deactivating 2FA for your account, please contact us.