ArtTao. Net

. Account/Security

  1. What is Two-Factor Validation (TFA)?

Two-factor authentication requires entering a one-time verification code after entering the password to log in, significantly improving account security.

  1. How do I enable two-factor authentication?

After logging in, go to "My Account > Security Settings", select to enable "Two-factor authentication", scan the QR code and enter the verification code to complete the binding.

  1. Which verification methods are supported?

It supports SMS, email verification codes, and Authenticator applications (such as Google Authenticator and Authy).

  1. Where is the two-factor authentication setting in the AIOS plugin?

Administrators can enable mandatory TFA in the backend under "AIOS > User Security", and users can bind the authenticator by scanning the QR code in "Account Security".

  1. Why use TFA?

Even if the password is leaked, hackers still need a verification code to log in, effectively preventing brute-force attacks and account theft.

  1. How do I log in if I forgot my phone?

You can use a pre-saved "backup verification code" or log in temporarily via email verification.

  1. What is a backup verification code?

When TFA is enabled, the system will generate a one-time backup code. Please keep it safe in case your phone is lost.

  1. How do I change the linked phone number or authenticator?

Log in to your account, go to "My Account > Security Settings" and turn TFA off and then back on, then bind the new device.

  1. What should I do if my phone is lost or unusable?

Log in using the alternative verification code, and contact customer service as soon as possible to unbind or change to a new verification method.

  1. Can I use only an email verification code?

Yes, but we recommend using a verification app or SMS for greater security and reliability.

  1. Does it support forcing all users to enable TFA?

Yes, administrators can set it up centrally in the backend, requiring users to bind an authenticator the next time they log in.

  1. How often should I reset my password?

It is recommended to update every 90 days, or make changes immediately upon discovering suspicious logins.

  1. How do I reset my password?

On the login page, click "Forgot Password," enter your registered email address, and you will receive a reset link. Follow the prompts to set a new password.

  1. What should I do if I don't receive the password reset email?

First, check your spam/junk folder and blocking rules to ensure your email address is spelled correctly; if you still receive no emails, please contact customer service to manually reset it.

  1. How long does it take for the password reset to take effect?

The new password will take effect immediately upon successful setup, and the old password will no longer be valid for login.

  1. Can I set a previous password?

For security reasons, the system does not allow the reuse of the three most recent passwords.

  1. Are there any complexity requirements for passwords?

It must be at least 8 characters long, including uppercase and lowercase letters and numbers. It is recommended to add symbols to improve security.

  1. How can I view my recent login history?

You can view your most recent login IP and time in "My Account > Security Log". If you find anything unusual, you can change your password immediately.

  1. What should I do if my account is locked?

Entering the wrong password multiple times may result in temporary locking. You can wait 30 minutes or contact customer service to unlock it.

  1. Is it possible to retrieve a password using a mobile phone number?

Users who have linked their mobile phone numbers can quickly reset their passwords via SMS verification code.

  1. Does the system support unified password reset for enterprise accounts?

Yes, administrators can force all users to change their passwords on their next login in the backend.

  1. Can the AIOS plugin restrict weak passwords?

Yes, the backend can enable a "strong password policy" to require users to set more secure passwords.

  1. How do I disable two-factor authentication?

In "My Account > Security Settings", you can turn off TFA. You will need to enter a verification code to confirm.

  1. How to improve overall account security?

It is recommended to use both strong passwords and two-factor authentication; avoid storing passwords on public devices; and check security logs regularly.