In Castor, you can configure two-factor authentication (2FA) for your account. This means that, upon login, you will have to enter an extra authentication code generated by the Google Authenticator app on your phone or tablet. This adds an extra layer of security to your Castor account - potential attackers will need not only your account details, but also your physical device with the Google Authenticator to be able to access your account.
To enable 2FA, first make sure that the Google Authenticator app is installed and updated on your phone/tablet. In Castor, go to your Account Settings by clicking on the account icon in the top left corner and selecting 'Settings'.
Then, scroll down to the 'User details' section. Select 'Yes' in the 'Enable Google Authenticator' section. A QR code will be displayed - you need to scan this code in the Authenticator app on your device. If your device doesn't have a camera, you can also manually enter the provided key.
Once you have scanned the QR code or entered the key, a 6-digit code will appear in the Google authenticator app. Enter this code into the field and click 'Configure'.
Once configured, CastorEDC will appear in your Google Authenticator app. Every time you log into Castor, you will need to provide the 6-digit code generated in the Authenticator app. The code refreshes every minute.
Two-factor authentication is account-based or study based - some institutes and organisations enforce additional authentication for their domains, some studies require two factor authentication from users. The procedure for your own account is always the same.
If you would like to add enforced 2FA and/or 90-day password rotation for email domains linked to your institute, please submit a request here.
When receiving a new device or in the event a device has been lost, it is necessary to move the Authenticator app to a new device or disable it completely. To do this, access the Google's two-step verification Web page and modify the settings there - you will first need to verify your new device within the Google Authenticator app. More information can be found on the Google Account Help page: Using a new phone to receive 2-Step Verification codes
Please note: Changing the 2FA setting in your account to 'No' does not deactivate it completely. You will not be able to regenerate the QR-code when you set it back to 'Yes'. If you encounter a problem with deactivating 2FA for your account, please contact us.