Vipassana Meditation as Taught by S.N. Goenka

Two-step login support

Applications that rely on the Vipassana Identity server can enforce two-step login to keep accounts safe even if a password or email inbox is compromised.

CALM, for example, requires two-step login for registrars because they can access students' sensitive data.

Two-step login generated codes do not work

The most common reason is that the device where is installed the Authenticator app has not a synced time.

VIS displays this error when the users submits a wrong TOTP code:

Make sure time is synced automatically on the device running your authenticator app:

On Android go to Settings → System → Date & time and turn on "Set time automatically" and "Set time zone automatically"
On iOS go to Settings → General → Date & Time and turn on "Set automatically"
On other devices check your system configuration and open https://time.is on the device. It should indicate that your clock is exact, or differs by only a few seconds at most (either ahead or behind).

but some users don't succeed in fixing this problem so you may need a video call to help them.

Adding two-step login on another device

Users can install authenticator apps on multiple devices (for example, a desktop and a phone) to avoid losing access when one device is unavailable.

Visit the Edit Credentials page. myCourses users can reach it from the top-right "My Account" link.
Scroll to the Two-step login section and follow the instructions to configure an additional device.

Resetting two-step login for a user

If a user no longer has access to a configured authenticator app, they must contact their application support team to request a reset and reconfigure two-step login from scratch.

Users cannot reset two-step login on their own for security reasons.

Support staff should verify the legitimacy of every reset request through a trusted channel (for example, a phone call or text message). Do not accept requests that come only from email, since an attacker with inbox access could use that channel to disable the user's protection.

CALM support can reset the two-step login setup of a user from the person User tab in the CALM UI.

Glossary

Authenticator app: An application that generates temporary 6-digit codes required for two-step login.
MFA: Multi-factor authentication. Another name for two-step login. Vipassana Identity currently uses time-based 6-digit codes as the MFA factor.