Two-Factor Authentication (2FA) – FAQ

To protect your club’s website and our entire network, we now require Two-Factor Authentication (2FA) for all Kiwanis site administrators. This simple process adds a second step to your login, making it much harder for hackers to access your site—even if your password is stolen.

📌 What is Two-Factor Authentication?

Two-Factor Authentication (2FA) means logging in with:

1. Your password, and
2. A one-time code from an app on your phone.

This code changes every 30 seconds and cannot be reused.

🛡️ Why is this required?

Because we host over 1,500 club websites, hackers often try to break in using stolen or guessed passwords. 2FA stops these attacks—even if someone has your password.

📲 What do I need to get started?

You’ll need:

• A smartphone (iPhone or Android)
• A free app that generates codes:
  • Microsoft Authenticator: iOS | Android
  • Google Authenticator: iOS | Android
  • Duo Mobile: iOS | Android

🧭 Step-by-Step Setup Guide

1. Log in to your WordPress dashboard.
2. Go to “Login Security” in the left-hand menu.
3. Scan the QR code with your authentication app.
4. Enter the 6-digit code from your app.
5. Click Activate.

🔐 IMPORTANT: Download Your Rescue Codes

After activating 2FA, you’ll see an option to download rescue codes. These are one-time-use codes that allow you to log in if you lose access to your phone.

Download and store these codes in a safe place (such as a password manager or printed copy). Each code can only be used once.

📝 What happens the next time I log in?

You’ll enter your username and password, then the 6-digit code from your phone’s app. If you lose your phone, you can enter one of your rescue codes instead.

💡 What if I get a new phone?

Before switching phones:

1. Go to “Login Security” in WordPress
2. Disable 2FA
3. Set it up again on your new device

If you already switched phones and are locked out, use a rescue code. If you don’t have them, contact support.

🔒 What if I lose my phone and don’t have rescue codes?

1. Go to Fill out the tech support form
2. Fill out the tech support form
3. We’ll verify your identity and reset your 2FA
4. You’ll then re-enable 2FA and download new rescue codes

👥 Do I need to set this up for every club admin?

Yes. Every site administrator must set up 2FA individually.

🔄 I manage multiple club sites. Do I need to set up 2FA more than once?

It depends:

• If you use ONE user account to manage multiple Kiwanis sites (most common), you only need to set up 2FA once. It applies across all sites you manage.
• If you have MULTIPLE user accounts (e.g., one per site), you’ll need to set up 2FA separately for each account.

We recommend using a single user account wherever possible to simplify your login and improve security.

⏳ Can I skip this?

No. 2FA will eventually be required for all accounts. Without it, you will not be able to log in.

🤝 Need Help?

🔧 Visit: https://wiki.site.kiwanis.org/club-sites-support/ and fill out the tech support form.