Set up two-factor authentication for ISO login account

Introduction

Two‑factor authentication (2FA), also known as multi‑factor authentication (MFA), is a security mechanism that strengthens account protection by requiring two forms of verification when signing in.

In addition to a username and password, users must complete a second authentication step, which significantly reduces the risk of unauthorized access.

Within the ecosystem of ISO-powered applications that supports standards development at international, regional, and national levels, 2FA is implemented using a mobile authenticator application that generates a time‑limited, one‑time passcode (OTP).

This passcode is requested after successful password entry. Enabling 2FA provides an additional layer of security for users with an ISO account and helps protect the integrity and confidentiality of ISO systems and data.

Important note for SIF members

Two‑factor authentication (2FA) is available to the ISO Community on a voluntary basis when logging in with an ISO username and password. If you log in to ISO-powered applications using a Single Identification Federation (SIF) member credential, ISO two-factor authentication will not be available.

Set up two-factor authentication for ISO login account

Note

Before you start, please ensure you have at least one smartphone or tablet.

Step 1 - Install the authenticator application on your mobile device

Download an authenticator application from your mobile device's application store. Check the FAQ section of this article to find a recommended authenticator application.

Step 2 - Start setup in Home

  1. Log in to the ISO portal using your regular username and password.
  2. Go to the Preferences tab.
  3. Click on Set up new Authenticator application.

Note:

The two-factor authentication method is disabled for users signed in with federated (SIF) authentication.

Two-factor authentication may already be implemented locally by your member organization. Please check with your User Administrator.


  4. Follow the 5 steps requested in the Mobile Authenticator Setup window and click on Submit.

Your account is now protected with two-factor authentication. Next time you log in, you will be required to:

    1. Enter your username and password
    2. Open your authenticator app
    3. Enter the current 6‑digit code
    4. Sign in

Note: The code changes every 30 seconds. If it expires, simply enter the next one that appears on your device.

Note:

You will be notified each time a two-factor authentication device is added or removed.

Manage your two-factor authentication account

Enable two-factor authentication from multiple devices

Enabling two‑factor authentication (2FA) on multiple devices helps ensure continuous and reliable access to your account.

If your primary device is lost, replaced, or temporarily unavailable, a secondary device allows you to sign in without interruption or support assistance. Using more than one device also adds flexibility and reduces the risk of being locked out, making it easier to maintain secure access to ISO-powered systems at all times.

You can register as many devices as necessary. To do so, click on Set up new Authenticator application and follow the same process as above.

Delete a device

Note:

You will be notified each time a two-factor authentication device is added or removed.

Frequently Asked Questions (FAQ)

What is Two-Factor Authentication (2FA)?

Two-factor authentication (2FA), also commonly referred to as multi-factor authentication (MFA), adds an extra layer of security to your account.

You will sign in using:

  1. Something you know – your existing username and password
  2. Something you have – a temporary code from an app on your phone or tablet (or even a password manager on your computer)

Those two elements (what you know and what you have) are the two factors in two-factor authentication. Even if someone knows your password, they cannot log in without the code from your device. 

What is an authenticator application?

An authenticator app:

  • Runs on your smartphone or tablet
  • Generates a 6‑digit code that changes every 30 seconds
  • Works without internet or mobile signal
  • Is free and widely used worldwide on both Android and iPhone devices

Each time you sign in, you enter:

  1. Your username and password
  2. The current code shown in the app, which is time restricted and refreshes every 30 seconds

Important:

  • An authenticator app is required – no SMS, email, or backup codes are offered as 2FA options at this time
  • You may enroll more than one device (strongly recommended)
  • If you lose all enrolled devices, you may lose access to ISO-powered applications until the ISO/CS support team verifies your identity and is able to reinstate your access

What are the recommended authenticator applications?

You may use any standard authenticator app. The ones below are commonly used and widely trusted:

Recommended options

  • Google Authenticator          

    Simple, reliable, widely used

  • Microsoft Authenticator 

    Good backup options and clear interface

  • Authy

    Allows secure cloud backup (recommended if you change phones often)

  • Aegis Authenticator 

    Allows local backup and deep customization options (but may be too complex for all but power users)

Where to download

Only download from official app stores:

  • Android: Google Play Store
  • iPhone / iPad: Apple App Store

Warning! Never download authenticator apps from websites or links in emails. Always use the official app store for your type of device.

How to choose an app

If you are unsure:

  • Choose Google Authenticator for simplicity
  • Choose Authy if you are concerned about losing your phone, as it allows you to back up the codes and retrieve them on a different device

Any of the recommended apps will work.

Do I need internet or mobile signal?

No. Authenticator apps work offline. You still need an internet connection to access ISO-powered applications, but if your computer can connect to the internet and your mobile device cannot, you can still use 2FA.

What if the code doesn’t work?

    • Make sure your device’s date and time are set automatically
    • Wait for the next code that appears and try again
    • Ensure you are entering the code for the correct account (if you have more than one device enrolled, you have to choose which one you are using when you log in)
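
Why the device clock matters, shown as an added example (this is not ISO's code): the sketch below computes 6-digit, 30-second codes and checks them the way a server would. It assumes the standard TOTP algorithm (RFC 6238 with HMAC-SHA1), which this page does not name; the secret is the RFC 6238 test key, and the one-step tolerance window and all function names are illustrative assumptions.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid, as stated on this page
DIGITS = 6   # code length, as stated on this page

# Constructed sample secret: base32 of the RFC 6238 test key "12345678901234567890".
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Code shown by an authenticator whose clock reads unix_time (RFC 6238, SHA-1 assumed)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // STEP)        # 30-second step number
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                            # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, server_time: int, window: int = 1) -> bool:
    """Server-side check: accept the current step and `window` steps either side (assumed)."""
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):           # constant-time comparison
            return True
    return False


def login_with_skew(skew_seconds: int, server_time: int = 1234567890) -> bool:
    """Would a device whose clock is off by skew_seconds produce an accepted code?"""
    device_code = totp(SECRET, server_time + skew_seconds)
    return verify(SECRET, device_code, server_time)


if __name__ == "__main__":
    for skew in (0, 20, 45, 300):
        print(f"device clock off by {skew:>3}s -> accepted: {login_with_skew(skew)}")
```

The code depends only on the shared secret and the clock, which is why the app works offline and why a device clock that is several minutes off produces codes the server rejects.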

What if I get a new phone?

Before changing phones:

  • Add the new phone as an additional device using the instructions above
  • Only remove the old phone after confirming the new one works

Note: If you follow the above procedure, you can completely self-manage switching mobile devices with zero access interruptions.

What if I lose my phone?

If you enrolled more than one device, use the other device.

If you lose all enrolled devices:

  • You must contact the ISO Helpdesk for identity verification and account access restoration
  • Access may be delayed in this case.

What other options are there for 2FA if I don’t want to use my phone?

Some password managers, which can be used directly on your computer, can also supply the required 2FA capabilities. Some of the better-known ones are:

  • Bitwarden
  • 1Password
  • Proton Pass
  • Keeper
  • RoboForm
  • NordPass


Security tips

    • Do not share your password or the authentication codes with anyone
    • ISO/CS staff will never ask for your 6‑digit code
    • Protect your phone with a PIN, fingerprint, or face recognition so that the authenticator app and the codes it produces are accessible only to you

Still need help? Contact helpdesk