# Two Factor Authentication ## What is Two-Factor Authentication, and why should I use it? Two-Factor Authentication (also called "2FA") adds another layer of security to your account, making it nearly impossible for the account to be compromised. This protects your account and all that's on it - your characters, your items and your gold. If someone were to figure out your accountname and password (which should always be something strong and unique), they cannot login to your account unless they have the PIN from your authenticator. This PIN is generated by an app on your phone, and is refreshed every 30 seconds. We have two alternatives for our Two-Factor Authentication - IP-lock - only require the PIN when logging in from a new IP-address - Always - require the PIN for each login Note that the website will always require you to enter the PIN-code generated by your app, regardless if you have IP-lock enabled or not. ### Things to note before you enable Two-Factor Authentication - Enabling GeoLock on your account will remove Two-Factor Authentication, and vice-versa. Only one of these may be active at any given moment - __You must save your recovery keys__ - this will allow you to recover your account if you are no longer able to get your PIN from your device. - The secret token, QR-code and recovery keys are unique to your account, and these keys will regenerate if you disable and re-enable Two-Factor Authentication! This means that you need to save your _new_ recovery keys and secret token if you for any reason disable and re-enable Two-Factor Authentication. - The recovery-keys are usable ONE time each. Once they have been used, they are no longer usable. You can generate new recovery keys from the [Two-Factor Authentication settings page](https://lightshope.org/account/twofactor) on the control panel - You should save your secret token - this will allow to you add your authenticator again if you have a new device - If you are playing on a public IP or through a VPN, its not recommended to use IP-lock, you should instead have it requested for each login ### How do I enable Two-Factor Authentication? You can enable Two-Factor Authentication on the [account control panel](https://lightshope.org/account/twofactor). Your email will need to be verified before you can proceed to the control panel. Once you're signed on to the control panel and your email is verified, head over to the [Two-Factor Authentication settings page](https://lightshope.org/account/twofactor). __Read the information carefully!__ Follow all the steps as shown on that page. Here's a brief step-by-step - Download the authentication-app to your phone or device - Open the app, scan the QR-code (or manually input the security token) - Remember to save this security token somewhere safe! - Select IP-lock or to always require authentication - Save your recovery keys somewhere safe! This will allow you to regain access to your account if you lose your device - Save the changes, enabling Two-Factor Authentication! If you followed the steps in the control panel, your authenticator is now active! After you have completed this process, your will be prompted to input a PIN when you log into the game. Depending on what option you chose, this will either be when logging in from a new IP-address, or on every login. ### I'm having problems with my authenticator and cannot log in! If you follow the procedure above, and take care of your recovery keys, you can take action on your account yourself without having to interact with members of our team - and recover your account within minutes! #### I want to remove my authenticator Log on to the account control panel and navigate to the [Two-Factor Authentication page](https://lightshope.org/twofactor). You will be able to disable your authenticator there. If you are unable to log in by using the PIN generated by your authenticator-app, read on for suggestions on how to fix it. #### My device isn't giving me the correct pin Ensure that your application and your phone are properly synced in time. If both your device and app are synced, you likely disabled and re-enabled the authenticator at some point. If that is the case, then you must use the newest recovery keys and newest security tokens. Should you not have these, and you have tried to sync your device, you must request a manual removal. #### I have lost my device / I don't have the authenticator anymore! If you have the secret token or the QR-code you enabled your authenticator with, you can use this to add the authenticator to your device again (or a new one) and get the PIN codes again. For authenticators enabled prior to October 2017, the QR-code were sent to you in an email. For authenticators enabled after this, you were given them upon enabling your Two-Factor Authentication, and needed to save them at that point as they can not be regenerated. Should you for some reason be unable to do this, and you enabled your authenticator after October 2017, then you can use any of the valid recovery keys to log in to the account control panel. These keys are only usable one time per key. The recovery key will substitute the PIN when logging into your account on the website (and not the game). #### I enabled my authenticator a long time ago, on Elysium, and don't have the authenticator anymore! _This section is only for authenticators that was enabled prior to October (not for any authenticator enabled under the Light's Hope domain):_ Your QR-code was sent to the email associated with your account if you enabled the authenticator on Elysium. You can scan this on your device and enable it again. We recommend that you disable this authenticator, and re-enable it under the Light's Hope domain. This ensures that the data is correct and will allow you to generate the recovery keys. We are not able to resend your QR-code if you have deleted the mail. #### There's an authenticator on my account, but I didn't add one... It's possible you are seeing the GeoLock, and not the Two-Factor Authenticator. If the account is GeoLock-protected, you will be mailed the PIN required to the email associated with the account. If you are certain the account has Two-Factor Authentication on it, and you didn't enable it yourself, it's possible your account was compromised, and that those that compromised the account added this authenticator on the account. Should this be the case, you will need to request a manual removal. #### I've tried everything... I can't login! We can manually remove your Two-Factor Authentication, but this is something we would rather avoid if we can. It would be better - and faster - for you to try the suggestions above before filing a request for Two-Factor Authentication removal. Requesting Two-Factor Authentication removal is a process that will take time, and due to the nature of these requests we are not able to provide an estimated time of completion. __Exhaust all other options before filing a manual removal request!__ As a last resort you may request a manual removal of your authenticator by clicking on the "I've lost my 2fa codes! Help" link when attempting to sign in to the website. Please read the information there carefully before submitting your request. Your post will only be visible to yourself and select members of staff. Once the request is filed, it may take some time before it is processed; we will get to them as quickly as we can, but Two-Factor Authentication Removal Requests have no estimated time of completion.