Two-factor authentication (2FA) adds a second layer of security to your reseller account by requiring a token in addition to your password at login. You can set up 2FA using an authenticator app, SMS, or both. The most recently enabled method becomes the default, but you can change the default at any time.
How 2FA protects your reseller account
With 2FA enabled, sign-in requires two credentials: your password and a time-sensitive token. The token comes from either an authenticator app installed on your smartphone or an SMS message sent to your registered mobile number. Either method blocks unauthorized access even if your password is compromised.
Warning: If multiple people share a single login, create a separate user account for each individual before enabling 2FA. Time-based tokens cannot be shared across users. See the Manage Users article.
Before you begin
Log in to the Reseller Control Panel with the user account you want to secure.
For app-based 2FA, install an authenticator app such as Google Authenticator, Authy, or Microsoft Authenticator on your smartphone.
For SMS-based 2FA, have your mobile phone available to receive a verification text.
Have a printer or secure location ready so you can save recovery codes.
Step 1: Open the 2FA settings
In the Reseller Control Panel, click the Account settings tab, then click Edit next to 2-Factor authentication.
Step 2: Enable app-based 2FA
To set up 2FA using an authenticator app:
Select Enroll authenticator app.
Enter your reseller account password and click Next.
Scan the QR code with your authenticator app, or enter the key shown on screen manually. The QR code and the key represent the same value.
Enter the six-digit code generated by your app and click Enable.
Print the recovery codes that appear and store them somewhere safe.
2FA is now active. The next login prompts for a token from your authenticator app.
Step 3: Enable SMS-based 2FA (alternative)
To set up 2FA using SMS instead of or in addition to an app:
Select Enroll SMS.
Enter your reseller account password and mobile phone number, then click Next.
Enter the token sent to your phone via SMS and click Enable.
Print the recovery codes that appear and store them somewhere safe.
2FA is now active. Each login sends a fresh token to your phone via SMS after you enter your username and password.
How 2FA works at login
Once enabled, 2FA applies to both the Reseller Control Panel and the Classic Reseller Interface.
Enter your username and password and click Log in.
When prompted for a token:
If SMS is your default method, retrieve the token from the SMS you receive.
If the authenticator app is your default method, open the app and locate the OpenSRS token.
Enter the token in the prompt. OpenSRS validates the token and grants access.
Note: Store your recovery codes outside your phone. If you lose access to your authenticator app or SMS device, recovery codes are the only way to sign in without contacting support.
Next steps
Change your default login method. If you enabled both methods, choose which one is prompted first. See FAQ on Two-Factor Authentication (2FA) for Reseller Accounts.
Regenerate recovery codes. If you lose your printed codes, generate a fresh set from Account settings.
Roll out 2FA across your team. Create individual user accounts for each person who logs in and enable 2FA on each.
Questions? Contact OpenSRS Support.
How helpful was this article?
Thanks for your feedback!
Do you still need help? If so please submit a request here.