What is it?
Two factor authentication is a mandatory security measure, which can validate user login attempts by sending a security code to a pre-registered phone number, email address or google authenticator app that belongs to the authorized user of the Taboola account.
When does this happen?
TFA will only trigger when there is an attempt to login from a new device, browser that has never successfully logged in before or a suspicious login attempt. Access is granted to the account only once the code sent to the pre-registered phone number, email address or google authenticator app is correctly entered.
How is it done?
Once the account/network is using TFA, every user that belongs to the account will have to complete the verification for his email, following which the user will be guided through the TFA set up where a choice of their preferred method of verification can be made.
The user flow is detailed below
Step 1: When a user logs in a code will be sent to the email address which needs to be used to complete verification. The code will expire after being used or 5 minutes after the email was sent.
Step 2: The user will be presented with options to select his preferred method of Two Factor Authentication - either email, SMS or the Google authenticator app
Email:
Text Message:
The user needs to make sure the phone number indicated is correct and click send code
Enter the code received and click save
Google Authenticator:
The user can download "Google Authenticator" from the App Store or Google Play.
In the app the user can click on the "+" sign and choose the "Scan Barcode" option to scan the barcode presented on the computer's screen.
The app will add "Taboola" and present a 6 digit code. This code changes once a minute.
This code needs to be entered in the login form and then the user can click save.
Step 3: After the above steps have been completed, the two factor authentication initialization process is complete. From now on every-time a login is attempted from a new device or a login is detected as suspicious, the user will be prompted to fill the one time code which will be sent to the registered email address/SMS/Google Authenticator app.
Tip: If using your own device, select the "Trust this computer" check box which will then skip the 2 step verification on this device in the future.
It’s important to note that only a single email, phone number or Google Authenticator can be used for verification purposes and hence it’s not advised to have multiple users sharing the same login.