If you haven't already set up your multi-factor authentication method (MFA), as of Dec 6th 2022, when you log in on Newton you will be directed to a secure website at auth.newton.co for the setup process.
As a reminder, all Newton users have to set up one of the following MFA options to use for login and other authentication:
- Authenticator app (such as Authy and Google Authenticator)
- Security key (such as a YubiKey)
- Authenticator app + biometric authentication (biometric login would be the default on supported devices, authenticator app would be the fallback)
- Security key + biometric authentication (biometric login would be the default on supported devices, security key would be the fallback)
To set up MFA using an authenticator app, first, go to your device's app store and download your preferred authenticator app. You can use Google Authenticator, Microsoft Authenticator, Twilio Authy, or any other authenticator app of your choice. Then, proceed with the following:
1. On the login page, after you log in with your email and password, you'll be asked to set up MFA. Click "authenticator app".
2. You should be presented with a QR code to scan.
3. Go to the device on which you have your preferred authenticator app installed, and click on "add new". (The "+" sign).
4. Find the option to "scan QR code" or "scan barcode".
5. Point the camera of your device towards the QR code, your device should automatically scan the QR code.
6a. Note that if you are having issues with scanning the QR code, you can also set up your authenticator app manually by clicking "show secret key".
6b. Then, you'll be presented with your "security key" which is a series of alphanumeric characters.
6c. Go back to your authenticator app and select "enter setup key" (it may be called something different depending on which authenticator app you're using) and follow the onscreen instructions to paste in the code. You can title the login something like "Newton Account" if you like.
7. Your authenticator app should now be set up with the one-time codes you need to log in. To verify this, the Newton login page will ask you to type in the code generated on your authenticator app to verify that it has been set up correctly. Note that the codes automatically refresh every 60 seconds.
8. Now you should be all good to go! (Note: if you've had Authy as your MFA method before Dec 6, 2022, your old security codes generated by Authy will no longer work. You can still use Authy as an authenticator app, but you'll need to set it up again according to this process).
To set up MFA using a hardware security key, first, make sure your hardware security key is compatible. We support Yubikey by Yubico, and the Google Titan Security Key. Then, proceed with the following:
1. On the login page, after you log in with your email and password, you'll be asked to set up MFA. Click "security key".
2. You'll now be asked to plug in your security key to your device.
3. Alternatively, some security keys come with Near-Field Communication (NFC) capabilities. NFC is a technology that allows devices to communicate sensitive information at close distances and is widely used as a method to allow consumers to tap to pay with credit or debit cards. If your device and security key both support NFC, then you can bring the key near the top of your device and be able to continue the setup process without having to plug in the security key.
4. If you've plugged in your security key, you'll also be asked to touch the security key on the touch sensor which should be located in the centre of your key. This is to verify that a real person is present when setting up the security key.
5. You'll also be asked if you want to register your device with Newton such that you can avoid having to plug in your security key every time you log in. We recommend this option only for devices that you own and use frequently. Do not enable this option on devices owned by other people or devices that other people have access to.
6. Now you should be all done!
For the highest amount of security, we also recommend enabling biometric security. Biometric authentication is a method of verifying a person's identity based on their unique physical traits. Examples include fingerprint scanning, facial structure scanning, iris scanning, or voice pattern recognition to authenticate. This is different from traditional forms of authentication, such as passwords or PINs, which can be lost, stolen, or easily guessed. The idea is to use something unique to the individual, and therefore difficult to forge, to confirm their identity.
Most modern smartphones will support at least one method of biometric authentication, whether it is a built-in fingerprint scanner or a front-facing camera system that supports facial recognition.