A user accessing the DPS can strengthen account security by enabling the two-factor authentication mechanism, which requires the user to provide, in addition to an email and password, an OTP (One Time Password) generated by a third-party system (e.g. Google Authenticator) or sent to the user via a secondary channel (e.g. SMS or email).
Within the Profile page, each user can enable two-factor authentication by selecting one of the available methods:
Login Experience with MFA
Once a two-factor mechanism is enabled, the first step of the login process is for the user to provide their registration email and password. Once these are confirmed, the form is updated and the user is prompted to enter the currently generated OTP.
If the OTP is confirmed, the user is redirected to the Home page; otherwise they have to retry the login.
For security reasons, a failed login does not give any information about which of the email, password, or OTP is wrong. After 5 consecutive failed logins, a reCAPTCHA appears asking the user to complete a challenge (e.g. "I am not a robot").
Google Authenticator Configuration
Within the DPS profile page, under the Security tab, the user can enable two-factor authentication.
By clicking the Configure button, the page displays the steps required to configure OTP generation through the Google Authenticator mobile application.
To complete the configuration, the user must provide the currently generated OTP together with their password; the password is required as an additional verification step.
To disable Google Authenticator, the user must provide their password for confirmation; once this is done, the registered token becomes invalid.
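Added example, not DPS code: a Google Authenticator-compatible TOTP check (RFC 6238 over RFC 4226 HOTP) that serves both the enrolment confirmation just described and the OTP step of the login flow above, including the 5-failure reCAPTCHA threshold. The base32 secret and the in-memory `state` record are constructed stand-ins, and the single-use (replay) check is an assumption about how a server should treat an already-accepted code.

```python
import base64
import hashlib
import hmac
import struct

# Google Authenticator defaults: HMAC-SHA1, 6 digits, 30-second time step.
DIGITS, STEP = 6, 30
MAX_FAILURES_BEFORE_CAPTCHA = 5   # threshold stated on the page

def hotp(secret_b32: str, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    s = secret_b32.replace(" ", "")
    key = base64.b32decode(s + "=" * (-len(s) % 8), casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def totp(secret_b32: str, now: int) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time (what the app displays)."""
    return hotp(secret_b32, now // STEP)

def match_totp(secret_b32: str, submitted: str, now: int, window: int = 1):
    """Return the time-step counter the code matches (current or +/- `window` steps,
    to tolerate phone clock skew), or None. Constant-time compare, no digit-by-digit leak."""
    if not (submitted.isdigit() and len(submitted) == DIGITS):
        return None
    base = now // STEP
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret_b32, base + delta), submitted):
            return base + delta
    return None

def otp_step(state: dict, secret_b32: str, submitted: str, now: int) -> dict:
    """OTP check used both when confirming enrolment and as the second login step.
    `state` is a constructed stand-in for the server-side per-account record."""
    counter = match_totp(secret_b32, submitted, now)
    # Each code is single-use (assumption): refuse a counter that was already accepted.
    if counter is not None and counter > state.get("last_counter", -1):
        state["last_counter"] = counter
        state["failures"] = 0
        return {"ok": True, "redirect": "/home"}
    state["failures"] = state.get("failures", 0) + 1   # same generic answer for any cause
    return {"ok": False, "error": "Login failed",
            "captcha_required": state["failures"] >= MAX_FAILURES_BEFORE_CAPTCHA}
```

The secret `GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ` (base32 of the RFC 6238 test key) reproduces the RFC's SHA-1 vectors truncated to 6 digits, e.g. `287082` at Unix time 59.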