Two-factor Authentication (2FA)

What is two-factor authentication?

Two-factor authentication, or 2FA, is an extra layer of security for user accounts. In addition to their username and password, a user must verify another piece of information to enter their account.

Traditionally, this might have been done using something like security questions. It's now best practice to require access to a mobile phone or physical security key that the user has confirmed belongs to them.

What forms of 2FA are available in Taxi?

Taxi currently offers two methods for 2FA:

  • time-based one-time password (TOTP) authentication

  • SMS security codes

Organisation owners can choose to enable both or just one.

On organisations that allow both methods, a single user can set up both and choose to authenticate with one or the other on each login.

Time-based one-time passwords (TOTP)

This method requires users to download a third-party mobile app. On setup, Taxi presents the user with a QR code to be scanned using the app. On each subsequent login, the user must open the app to generate a code for Taxi and enter it in Taxi's login page before it expires.

Some examples of authenticator apps include Google Authenticator, Authy, Duo Authenticator, Microsoft Authenticator, LastPass Authenticator, and FreeOTP. Users can use their choice of app to scan the code. We support all TOTP apps.

Text messages (SMS)

This method requires users to enter a security code sent to their mobile phone via SMS. To set it up, users enter their mobile number and confirm the code they received. A new code will be sent on each subsequent login and must be entered to authenticate the account.
