To further secure your Pulseway account, you can enable two-factor authentication (2FA), which adds an extra step before certain operations are performed.
To enable 2FA or to upgrade from the old email-based two-factor authentication, log in to the WebApp and, from the Account section in the menu, click on the 2FA link. For security purposes you will be prompted to re-enter your Pulseway password, and then you will be greeted with a configuration screen.
There are two main options: Trusted Mobile Devices and One-Time Passcode. You will have to configure at least one of them to enable 2FA for your account. Configuring both of them is encouraged for enhanced security. You will receive a set of backup codes upon configuration that can be used when you cannot approve the 2FA request from a Trusted Mobile Device or generate a One-Time Passcode. Backup codes can only be used once.
Trusted Mobile Devices
A Trusted Mobile Device is a mobile device with the Pulseway app installed on it that is registered on your account.
Click on the "Add device" button to select the devices you wish to use to approve 2FA requests. Once 2FA is enabled, whenever you add a new device, the change is applied immediately without requiring you to press a button to save your changes. If you want to replace a trusted mobile device and you don't have One-Time Passcode configured, you should first add the new mobile device and then remove the old one.
With Trusted Mobile Devices, a push notification will be sent to the mobile devices you've marked as trusted, requesting that you approve or decline the 2FA request. In the 2FA request you will see an approximate location from where the request originated and what feature was requested.
One-Time Passcode
One-Time Passcode, also known as TOTP (Time-based One-Time Passcode), is an algorithm that was adopted as a standard for two-factor authentication systems by the IETF (Internet Engineering Task Force). It works by sharing a secret key with an implementing application, which uses it to generate codes based on the current date and time. You can use Google Authenticator, Microsoft Authenticator, Authy, 1Password or any other application that supports the TOTP algorithm.
In addition to the Trusted Mobile Devices and One-Time Passcode, you will also receive a set of backup codes that you can use to bypass 2FA prompts. These codes will only work once, and the last backup code can only be used to log in to the WebApp. Once all backup codes are used, you will be presented with another set of codes, which you should store securely.
Reduce Remote Control 2FA prompts
After 2FA is enabled, you will be presented with a 2FA request for each remote control setting. To require 2FA only at the first login to the remote control app, check "Reduce Remote Control 2FA prompts" in the Configuration > Security menu.
Enforce 2FA for All User Accounts
We will be enforcing 2FA on all accounts during 2023, but we recommend you secure your Pulseway instance by enforcing two factor authentication for all user accounts as soon as possible. This is industry best practice. You can enable the setting from the WebApp on the Server Admin -> Settings page under the Security tab.
For extra convenience, users who have the iOS mobile application and an Apple Watch can now approve or decline their 2FA logon requests directly from their Apple Watch.