Setting up 2-FA
Two-factor authentication (2-FA) adds a second layer of security to your account. In addition to your password, you’ll need to approve each login using an app on your phone. As set out in the Website Security Policy, 2-FA is required for all users and must be enabled within 72 hours of being granted access.
You’ll need your phone with an authenticator app installed before you begin. If you don’t have one yet, download Google Authenticator, Microsoft Authenticator, or Authy from your phone’s app store.
Part 1: Set up the authenticator app
Section titled “Part 1: Set up the authenticator app”1. Go to your WordPress profile page
Section titled “1. Go to your WordPress profile page”On your computer, visit ohs.org.uk/wp-admin/profile.php. Log in with your username and password if prompted.
2. Enable the authenticator app
Section titled “2. Enable the authenticator app”Scroll down to the Two-Factor Options section and check the box next to Enable Authenticator App.
3. Add a new account in your authenticator app
Section titled “3. Add a new account in your authenticator app”Open your authenticator app on your phone and tap the + button to add a new account.
4. Scan the QR code
Section titled “4. Scan the QR code”Choose Scan a QR code and point your phone’s camera at the QR code shown on your computer screen. Your app will automatically add the OHS account.
5. Enter the verification code
Section titled “5. Enter the verification code”Your authenticator app will display a 6-digit code. Type this code into the verification field on the WordPress profile page and click Verify.
6. Save your changes
Section titled “6. Save your changes”Scroll to the bottom of the page and click the blue Update Profile button.
Part 2: Save your recovery codes
Section titled “Part 2: Save your recovery codes”Recovery codes let you access your account if you ever lose your phone or can’t use your authenticator app. As outlined in the Website Security Policy, these must be stored securely in an encrypted password manager — not in a plain text file, email, or document.
1. Enable recovery codes
Section titled “1. Enable recovery codes”Back on your WordPress profile page, scroll to Two-Factor Options and check the box next to Enable Recovery Codes.
2. Generate and download your codes
Section titled “2. Generate and download your codes”Click Generate Recovery Codes, then download the codes file.
3. Store your codes safely
Section titled “3. Store your codes safely”Save the codes in your password manager alongside your OHS password. You will need these if you ever lose access to your phone.
4. Save your changes
Section titled “4. Save your changes”Scroll to the bottom of the page and click the blue Update Profile button.
Logging in with 2-FA
Section titled “Logging in with 2-FA”That’s it — 2-FA is now active on your account. From now on, every time you log in to WordPress you will be taken to a second screen after entering your password. Open your authenticator app, find the current 6-digit code for the OHS account, and enter it to complete your login. The code refreshes every 30 seconds, so use it promptly.
