
FAQ

Common questions and answers about using or implementing 2FA. The FAQ is maintained, and frequently asked questions are added as needed.

   I need to access SCIO but I do not have the OTP, what can I do?

Please contact your system administrator for assistance. They can help you with account access and resolve any issues related to OTPs.

   Is a lost phone a security risk?

No. If someone finds your phone and is able to access it, they would also need to know your username and password to access SCIO as if they were you. However, it is still important that you contact your system administrator and report the lost or stolen phone immediately.

   Do I still need a strong password if I use 2FA?

Yes, having a strong password is still important even if you use two-factor authentication (2FA). Here’s why:

  1. Defense-in-Depth: 2FA adds an extra layer of security, but a strong password is your first line of defense. If someone can guess or crack your password, they might still be able to try other methods to bypass or compromise your 2FA.

  2. Password Reuse and Breaches: Many people reuse passwords across multiple sites. If one site gets breached, a weak or reused password can give attackers access to other accounts, even if they’re protected by 2FA.

  3. Protection Against Phishing: Strong passwords reduce the chances of someone successfully phishing your credentials. While 2FA can help protect against unauthorized access, a strong password makes it harder for attackers to succeed in their attempts.

  4. Varied Attack Methods: Attackers use various methods to compromise accounts, including brute force attacks and credential stuffing. A strong, complex password helps ensure that these methods are less effective.

So, while 2FA significantly boosts your security, combining it with a strong, unique password is a best practice for keeping your accounts as secure as possible.

   Can I receive my SCIO's OTP as an SMS or via email?

No, receiving one-time passwords (OTPs) via SMS or email has several security drawbacks. To enhance the security of your accounts and eliminate these risks, we chose to use an Authenticator App for OTPs. Here are a few of the drawbacks associated with receiving OTPs via SMS or email:

  1. Phishing Risks: SMS and email can be vulnerable to phishing attacks. An attacker might trick you into providing the OTP by impersonating a legitimate service or luring you to a fake site.

  2. SMS Interception: SMS messages can be intercepted by attackers through various means, such as SIM swapping or network vulnerabilities. This can potentially expose your OTP to unauthorized parties.

  3. Email Compromise: If your email account is compromised, attackers could access OTPs sent to your email. This could give them access to accounts or services that use email-based OTPs for authentication.

  4. Lack of Encryption: SMS messages are not encrypted during transmission, which means they can be intercepted and read by anyone who can access the network traffic. Similarly, emails can be intercepted, especially if they're not encrypted.

  5. Delayed Delivery: SMS and email OTPs can sometimes be delayed due to network issues or server problems, potentially causing inconvenience or access issues.

  6. Social Engineering: Attackers can use social engineering tactics to trick users into revealing OTPs received via SMS or email. For example, they might impersonate a legitimate support agent and request the OTP from you.
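How an authenticator app avoids the delivery channel altogether, as an added example that is not SCIO's own code: it assumes the app uses standard time-based OTPs (TOTP, RFC 6238), which this FAQ does not state. The secret is the published RFC 6238 test secret, and `verify` with its replay check is an illustrative server-side helper.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (RFC 6238 default)
DIGITS = 6   # code length shown by most authenticator apps

# Constructed sample: the RFC 6238 SHA-1 test secret, not a real account secret.
SAMPLE_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """Derive the code locally from the shared secret and the clock."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           window: int = 1, last_used_counter: int = -1):
    """Server side: return the matching time step, or None.

    window tolerates small clock drift; last_used_counter rejects a code
    that was already accepted, so a captured code cannot be replayed.
    """
    now = unix_time // STEP
    for counter in range(max(0, now - window), now + window + 1):
        if counter <= last_used_counter:
            continue
        expected = totp(secret, counter * STEP)
        if hmac.compare_digest(expected, submitted):  # constant-time compare
            return counter
    return None


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print("code at t=59:", code)
    step = verify(SAMPLE_SECRET, code, 59)
    print("accepted in step:", step)
    print("replay:", verify(SAMPLE_SECRET, code, 59, last_used_counter=step))
    print("stale code later:", verify(SAMPLE_SECRET, code, 1111111109, window=0))
```

No code ever travels over SMS or email: the phone and the server each compute it from the enrolled secret, and the server accepts it only within a short time window.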

   I was able to enter the OTP and log in, but now I cannot anymore. What can I do?

First, try accessing the login page using an incognito or private browsing window. Here’s how to do that in different browsers:

  • Google Chrome:

    1. Click on the three vertical dots in the upper-right corner of the browser.
    2. Select "New Incognito Window" from the dropdown menu.
    3. A new window will open in incognito mode. Visit the login page and try logging in again.
  • Mozilla Firefox:

    1. Click on the three horizontal lines in the upper-right corner of the browser.
    2. Select "New Private Window" from the menu.
    3. A new window will open in private browsing mode. Go to the login page and attempt to log in.
  • Microsoft Edge:

    1. Click on the three horizontal dots in the upper-right corner of the browser.
    2. Select "New InPrivate Window" from the dropdown menu.
    3. A new window will open in InPrivate mode. Navigate to the login page and try to access your account.
  • Safari:

    1. Click on "File" in the menu bar.
    2. Select "New Private Window."
    3. A new window will open in private browsing mode. Visit the login page and attempt to log in.

If using an incognito or private browsing window resolves the issue, you can either continue using that mode or clear the cache of your regular browser. To clear the cache:

  • Google Chrome:

    1. Go to the three vertical dots in the upper-right corner, select "Settings," then "Privacy and security," and click on "Clear browsing data."
    2. Choose "Cached images and files" and click "Clear data."
  • Mozilla Firefox:

    1. Click on the three horizontal lines, go to "Settings," then "Privacy & Security," and scroll down to "Cookies and Site Data."
    2. Click "Clear Data" and select "Cached Web Content."
  • Microsoft Edge:

    1. Click on the three horizontal dots, go to "Settings," then "Privacy, search, and services," and click on "Choose what to clear."
    2. Select "Cached images and files" and click "Clear now."
  • Safari:

    1. Click on "Safari" in the menu bar, select "Preferences," then go to the "Privacy" tab, and click "Manage Website Data."
    2. Select "Remove All" to clear the cache.

Try logging in again after clearing the cache. If you still experience issues, contact your system administrator for further assistance.