Two-Factor Authentication

Two-factor authentication (2FA) provides an additional layer of security on top of the primary form of logging into Tornium (an API key or through Discord). This ensures that a user’s Tornium account remains secure even if their API key(s) or Discord account are compromised. Once enabled, users will be required to sign in with an API key or through Discord then enter a code generated by an authenticator app.

Supported 2FA Methods

• TOTP (Authenticator App): App that generates a six-digit token every 30 seconds.
• Backup Codes: List of one-time use backup codes for when the authenticator app is unavailable.

Enable 2FA

2FA can be enabled through the Tornium settings page under the “Two-Factor Authentication” section. While setting up the authenticator app, you can scan the QR code or manually enter the secret into the authenticator app, but neither are accessible after this. Once the authenticator app has been set up for Tornium, you will need to enter the code generated by the app to verify that 2FA has been setup properly. If it has been setup properly, 2FA will be immediately enabled.

Once 2FA is enabled, it is suggested to download backup codes associated with your user. These one-time use codes will allow you to go through 2FA even if you are unable to access the authenticator app. Once downloaded, these codes can not be accessed without regenerating the codes and invalidating the previous codes.

Disable 2FA

2FA can be enabled through the Tornium settings page under the “Two-Factor Authentication” section. Once 2FA is disabled, the previous secret and all remaining backup codes will be deleted and can not be reused.

Recovery

If you are unable to access your Tornium account due to 2FA and don’t have access to your backup codes, contact tiksan [2383326] on Torn only through a mail or chats. Discord messages regarding 2FA will be ignored to due a vulnerability in Torn’s Discord linking feature.