Two-Factor Authentication (2FA)
Two-factor authentication ("2FA") adds extra protection to your Endcrawl account.
How Do I Set Up 2FA?
Head to your Endcrawl account page and click on the 2FA link.
Please follow these steps:
- Download a 2FA mobile app like Google Authenticator
- Use the 2FA app to scan the QR code on your screen.
- Enter the 6-digit code to verify your phone is in sync.
Your account will be immediately protected by 2FA.
The next time you log into Endcrawl with your username and password, you'll see a second screen that challenges you to enter the 6-digit 2FA code. Until you do so, you won't be able to see any other Endcrawl pages that require login.
What 2FA Apps Work with Endcrawl?
Any Time-based One-Time Password (TOTP) app should work, like:
Does Login Always Require 2FA?
No. We don't pester you if you've already passed a 2FA challenge in the current session.
New computers and new browsers, however, will show you a 2FA challenge, so make sure you have your phone handy.
Why Are My Codes Rejected?
TOTP requires that both parties -- your phone, and the Endcrawl server -- agree on the current time to within about 30 seconds. The most common problem is that your phone's time was set manually, and has since drifted from "true" time, an entirely normal phenomenon known as clock drift. The most common fix is to let your phone automatically set the time.
How Do I Disable 2FA?
To disable 2FA, go to your Endcrawl account page, click on the 2FA link, and then click "Disable".
Afterwards, to avoid confusion, we suggest that you remove the Endcrawl entry from your 2FA app, since it can no longer be used for anything.
A Word of Caution
If you lose or reset your phone, you can be locked out of your 2FA-protected Endcrawl account.
When this happens, you'll need to schedule a brief video call with the Endcrawl security team during business hours. You'll be required prove your identity in order to regain access.
How Should I Migrate 2FA to a New Phone?
To avoid losing access to your 2FA-protected accounts, always keep your old phone until your 2FA codes have been fully migrated to your new phone.
Authy, Google Authenticator for Android, and Google Authenticator for iOS (versions after December 2020) can all help you migrate codes to a new phone.