Two-Factor Authentication

We recommended that you enable two-factor authentication (2FA) on your W3C TAG account, because it offers a much higher level of security. The additional layer of safety provided by 2FA ensures that you’re the only person who can gain access to your account, even if your password is compromised. After you enable 2FA, in addition to your username and password, you’ll be prompted for a six-digit authentication code when you sign in.

 Enabling 2FA On Your SSO Account

  1. Go to the W3C TAG SSO Account Settings page (https://sso.w3ctag.org/auth/realms/master/account/).

    Single Sign-On Account Settings Page

  2. If you’re not already signed in, you’ll be prompted for your account credentials:

    Single Sign-On (SSO)

  3. Choose Authenticator in the navigation pane on the left.

    Choose the “Authenticator” Settings

    Do not attempt to change anything on the Account or Password section pages.

    Although the information in those sections is shown as editable, any changes made in them will not be written back to your account. Changes to your account details can only done directly on the W3C TAG Account server (https://account.w3ctag.org/).

Google Authenticator

  1. Click the + button to add a new account.

    Add an Account

  2. Choose Scan a barcode (or Enter a provided key if your device doesn’t have a camera).

    Choose a Method

  3. Scan the diplayed barcode.

    Scan the Barcode

    If your device doesn’t have a camera, click the Unable to scan? link below the QR-code on the SSO Authenticator page, and enter the shared secret key into Google Authenticator manually.

    Display the Shared Secred for Manual Entry

  4. Enter the six-digit TOTP code1 displayed by Google Authenticator back into the One-time code field on the SSO page.

    Enter the TOTP code on the SSO page

  5. Finally, click the Save button (before the 30-second expiration timer runs out2).

    New App Password Created

    Your account now has 2FA enabled. From now on, when you sign in to your W3C TAG account, in addition to your account username and password, the SSO server will prompt you for a TOTP code.

Enpass

  1. Click the Unable to scan? link below the QR-code.

    Alternate Method If Not Using a Device with a Camera

    …then copy the shared secret key and paste it into the TOTP field3.

    Paste Shared Secret Into Enpass

    To save your login credentials in Enpass, click the Save button at the top-right corner of the page.

  2. Now Enpass will always display your saved credentials with a TOTP code1 and expiration timer.

    Copy the six-digit TOTP code from Enpass back into the One-time code field on the SSO page.

    Devices & Sessions

    You can click the copy icon to the right of the TOTP expiration timer () to place the current six-digit code onto the clipboard.

  3. Finally, click the Save button (before the 30-second expiration timer runs out2).

    New App Password Created

    Your account now has 2FA enabled. From now on, when you sign in to your W3C TAG account, in addition to your account username and password, the SSO server will prompt you for a TOTP code.

    When you sign in with Enpass to a 2FA-enabled website, Enpass can automatically place the TOTP code on the clipboard after auto-filling your username and password. When prompted for the authenticator code, just paste it in with Ctrl/Cmd + V.
    You need to enable this feature under Settings > Browser > “Automatically Copy TOTP After Autofill”.

  1. Time-based One-Time Password. These change every 30 seconds and are unique to each system that uses them. ↩︎ ↩︎

  2. If your TOTP does expire before you can use it, just re-copy the latest code from Google Authenticator or Enpass. ↩︎ ↩︎

  3. In addition to regular passwords, Enpass can store 2FA shared keys and generate one-time codes (like Google Authenticator), keeping them readily available when signing in to web services and apps. ↩︎