What is two-factor authentication?

Two-factor authentication is loosely defined as "something you have" as well as "something you know". You already know your password, but if someone has that information, they can log into your account. With the addition of something you have, it becomes much more difficult for your account to be breached.

The "something you have" is usually your mobile phone, which can help verify that it's actually you logging into your account. You may already use two-factor authentication to log into other services, such as Gmail or iCloud.

How does it work on the BADBIR database?

We're rolling out two-factor authentication gradually, so you may not see a change immediately. But when it's enabled on your account, the first time you log in, you'll need to provide your telephone number. This can be your mobile number if you have one, or your work telephone number. You can provide two additional numbers later on, and you'll be able to select the most appropriate number when logging in.

• Your phone numbers are stored securely on the two-factor authentication server

Your phone will receive a code which you must type in when logging into the database, once per day, ie. you will then be authenticated even if you log out and back in during the day. Therefore, decide whether you wish to receive this code by text message or phone call, or both (you can choose at the time of login). The phone call is an automated message which reads the code out to you.

You'll then need to verify this number, by receiving a code. Click Verify to send your first code.

Type this six-digit code into the box on the database login screen, and click Confirm code. You have five minutes to do this before the code expires.

Your telephone number is now verified, and this also authorises your account for the day. You'll find yourself on the home page of the BADBIR database now. When you attempt to log in for the first time on any day following, you'll see a similar message to the one above, where you'll be asked to enter another six-digit code which will be sent to you using your chosen telephone number and method (text message or phone call).

If you log out of the database and try to log in again on the same day, you may see the following message briefly before automatically continuing to the BADBIR database.

What happens if something goes wrong, will I still be able to log into the database?

Yes; contact the office and we can temporarily disable two-factor authentication for your account, while we work out what the problem is.

What if I don't have access to my phone?

In cases where you know you won't have access to your phone, for example, if you're working off site, you can print off one-time use authentication codes from the database. You'll need to log in first, so you'll have to do this in advance, and they expire one week after they're generated.

Once logged into the database, click Manage Account in the top right-hand corner of the screen. Under the Manage Two Factor Authentication Settings section, click Get New Tokens. This will reveal a list of five codes, which can be used once each, to authenticate your account for the day. You can print them out or write them down.

• You enter these codes into the box on the database when logging in, in the same way as the codes received on your phone

From here, you can also manage the telephone numbers associated with your account. Click Get Existing Numbers to see a full list, where you'll be able to remove any that you no longer use or have access to.

Beneath that, you can enter up to two additional telephone numbers which will be associated with your account. You'll be able to choose which number to use when you log in for the first time each day.

If you have any other questions or concerns regarding the two-factor authentication system, please contact the office and we'll be able to help.