This article describes the steps on how to enable and disable Two Factor Authentication (2FA). It is also important to create backup codes and keep them safe in case you need to reset your 2FA.
Some older Ubiquiti services do not support 2FA, but may still require log-in credentials to include a token if you have enabled 2FA on your UI.com account. In this instance, you must add a vertical bar ( | ) to the end of your password followed by your 2FA token, as shown in the example below:
Example Password with Token (non-space-separated) : 2931utkyu|987099
To circumvent this step and enjoy the latest account and device security features, we recommend updating all equipment to the newest version
Table of Contents
How to Enable 2FA
1. Download and install Google Authenticator to your mobile phone. Authy will also work, but since this article is using Google Authenticator as an example, the steps might vary slightly.
2. Go to https://account.ui.com and sign in.
2. Select Security from the left hand menu. In this section you can change your account password and session timeout period as well as enable two-factor authentication.
3. Enable two-factor authentication by clicking on the toggle. This will bring up a small pop-up window with a QR code and a Secret Code under it.
4. Open the Google Authenticator app on your phone, tap menu, then tap Begin Setup > Scan barcode. If you already have other accounts, you would click the plus sign (+) on the upper right and then Scan barcode.
5. Your phone will now be in "scanning" mode. Go ahead and scan the QR code that appeared in the account.ui.com pop-up window.
6. Enter the 6-digit authentication token provided by Google Authenticator into the pop-up window.
7. Click Submit.
How to Create Backup Codes
It is extremely important to create a set of backup codes the moment two factor authentication is enabled. These codes will allow you to unlock your account to disable 2FA if you were to somehow lose access to your authenticator app (if say you lost your mobile).
1. Access your account settings, by logging in to https://account.ui.com, providing username, password and the 6 digit authenticator token.
2. Go to the Security section.
3. Under the Two-Factor Authentication header, provide 2FA token as provided by the Google Authenticator app and click Generate new backup codes.
4. You will be given a list of 10 backup codes, copy them somewhere safe. If there's a possibility someone has gained access to your codes, generate new ones to make those compromised ones obsolete. If you lose access to 2FA you will only need to use one unused backup code. If you use all ten, you will need to generate ten more.
How to Disable 2FA
1. Go to https://account.ui.com and sign in.
2. Select Security from the menu.
3. Under the Two-Factor Authentication header, click on the Disable Two-Factor Authentication toggle
4. Use Google Authenticator on your mobile to get a token to insert in the field provided.
5. Click Submit.
How to Access a Locked Out Account
If you are locked out of your account because you changed mobiles, deleted the authenticator app by mistake or lost your phone, you can get access to your account once more with one of these methods.
Reset 2FA Using Backup Codes
1. Go to https://account.ui.com, enter your username and password as usual, and when prompted for the 6 Digit Token, click on Reset 2FA instead.
2. Now just paste one of the backup codes you previously saved and click the Reset 2FA button.
3. Two factor authentication is now disabled. Click Back to log in with username and password and follow the procedure to enable it again. Remember to create a new set of backup codes.
Access Account with Secret Code
The Secret Code appears only once, when you first enable 2FA on your account (see How to Enable 2FA). You can use this code to connect your existing account with a newly installed authenticator app. Do so by following these steps:
1. Open Google Authenticator and click the + to add another account.
2. Instead of selecting Scan barcode as you would have to set up a new account, select Manual entry.
3. Enter your Ubiquiti account username or email in the provided field, then enter your Secret Code in the Key field. This is how the Google Authenticator app identifies your token.
4. Click the checkmark in the upper-right hand corner to save.