Two-Factor Authentication

You can turn on two-factor authentication (2FA) when accessing your account. When logging in with two-factor authentication enabled, in addition to your password, you must also enter a 6-digit code generated by the authenticator app or browser extension of your choosing.

Warning: Enabling 2FA and subsequently losing your codes will result in permanent loss of access to your account and data.

Any authenticator app or browser extension that supports time-based one-time passwords (TOTP) can be used. We recommend using Google Authenticator on your phone. Other options include Microsoft Authenticator and Authy. Apple Passwords works but is difficult to use. Some password managers, such as Bitwarden, also provide browser extensions that support TOTP.

Many TOTP apps support the secure backup of your authentication codes in the cloud so your codes are not lost if you lose access to your device. We strongly recommend that you use an authenticator app that provides a secure backup feature. This way, if you lose access to your device or your authenticator codes, you can simply download your authenticator app on another device, and once you log in to your account on the app, your TOTP codes will become available on the new device.

TheBrain is app-agnostic when it comes to TOTP authenticator apps, so the choice of which authenticator app to use is completely up to you.

If you use an authenticator app that lacks a secure backup and lose the device that stores your codes, you will permanently lose access to your account and all of your brains. For security reasons, TheBrain Support will not be able to restore access to your account.

Offline access is still supported with 2FA enabled. However, you must have a network connection when logging in.

Configuring Two-Factor Authentication

  1. Download a TOTP app or browser extension of your choice on your phone or desktop. We recommend using Google Authenticator on your phone.
  2. In the top right of TheBrain desktop app or web client, click your profile picture. Note that enabling two-factor authentication from the desktop app will also turn it on for the web client and vice versa.
  3. From the desktop app, click “Configure Two-Factor Authentication”. From the web client, select “Account Info & Tools”, then “Two-Factor Authentication”.
  4. Enter your TheBrain password.
  5. Select “Enable Two-Factor Authentication”.
  6. Scan the QR code with your authenticator app. If you can't scan the QR code, click “Show” to see the secret key, which you can manually enter in your authenticator app instead.
  7. The authenticator app displays a 6-digit code. Enter the code in the Two-Factor Authentication dialog.
  8. Click “Verify and Save” to complete the two-factor authentication registration.
  9. You will be presented with your secret key one last time. We recommend saving your key in a safe place, as it is the only way to recover your TOTP code should you lose access to your authenticator app. The secret key can be used to set up 2FA on another device or in another authenticator app.

Note: To configure authentication via TOTP on multiple devices, during 2FA setup, scan the QR code using each device at the same time or save the secret key, which can then be used to set up the same TOTP on another device later. If 2FA is already enabled and you did not save the secret key and want to add another device for authentication later, you must reconfigure 2FA from your account settings.

Additional Information

Every time the Two-Factor Authentication dialog is displayed, it shows a new randomly generated secret key. Therefore, once 2FA is enabled on your account, repeating the configuration steps mentioned above and clicking “Verify and Save” will invalidate the previous secret key, and the TOTP codes generated from that secret key will no longer work. At this point, you have reconfigured the two-factor authentication on your account and are expected to log in to TheBrain with the TOTP codes generated from the new secret key going forward.

Warning: If you add multiple secret keys for TheBrain to your authenticator app and you need to delete one, make sure not to delete the most recent one you verified, as this could cause you to lose access to your account.

You can also disable two-factor authentication on your account by clicking the “Disable Two-Factor Authentication” button in the Two-Factor Authentication dialog.

TheBrain’s password reset process has not changed, and users can still reset their passwords the same way as before. Note that resetting your password does not change or reset two-factor authentication on your account. You will still be required to enter your authenticator code even after a password reset.

If you have any further questions, please contact TheBrain Support (http://www.thebrain.com/support).

Advanced users: Manually configuring a TOTP authenticator app

If you are unable to scan the setup QR code, or wish to set up a TOTP app manually and need the parameters encoded in the QR code, here is the relevant information:

  1. Type: TOTP
  2. Label: TheBrain:{username} where {username} is your TheBrain username
  3. Secret: This is the TOTP secret key, shown in the two-factor authentication dialog
  4. Issuer: TheBrain
  5. Algorithm: The default of SHA1 is used
  6. Digits: The default of 6 is used
  7. Period: The default of 30 (seconds) is used
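
The following is an added example, not code from TheBrain: it computes the 6-digit code from a secret key using the parameters listed above (SHA1, 6 digits, 30-second period), so you can confirm that a manually entered key produces the same codes as your authenticator app. The function names and the otpauth:// URI layout (the widely used Key URI format) are assumptions, and the sample key is the published RFC 6238 test key, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote, urlencode

# Constructed sample: base32 form of the RFC 6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at=None, digits=6, period=30):
    """RFC 6238 TOTP with HMAC-SHA1, using the defaults listed above."""
    # Keys are often typed with spaces or in lower case; normalize first.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped base32 padding
    key = base64.b32decode(cleaned)  # raises ValueError on a mistyped key
    counter = int(time.time() if at is None else at) // period
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def provisioning_uri(username, secret_b32):
    """Build a Key URI carrying the parameters from the list above (assumed layout)."""
    label = quote(f"TheBrain:{username}", safe=":")
    params = urlencode({
        "secret": secret_b32.replace(" ", ""),
        "issuer": "TheBrain",
        "algorithm": "SHA1",
        "digits": 6,
        "period": 30,
    })
    return f"otpauth://totp/{label}?{params}"


if __name__ == "__main__":
    print(provisioning_uri("alice", SAMPLE_SECRET))  # "alice" is a placeholder username
    print(totp(SAMPLE_SECRET))  # changes every 30 seconds
```

The secret key is equivalent to the authenticator itself: anyone who holds it can generate valid codes, so run a check like this only on a device you trust and do not leave the key in shell history or scripts.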