GunTab's password authentication is secure, but you can take your security to the next level with two-factor authentication.

Two-factor authentication

Most web applications only require your email and password to sign in.  In the cybersecurity field, there is a saying: the strongest authentication requires something you know, but also something you possess.  Specifically, you might know a password, but also possess some code or key file.  GunTab has always authenticated users by password.  Now GunTab supports optional two-factor authentication, meaning you can choose to make your account even more secure.

How does two-factor authentication work?

After enabling two-factor authentication, signing in to GunTab requires a third input field (after email and password): "One-time code (or backup code)".  In this field you enter a code generated by the Google Authenticator app on your smartphone.  Or, if you don't have your smartphone, you can enter one of the single-use backup codes we gave you when you enabled two-factor authentication.
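The following is an added example, not GunTab's own code: a minimal server-side check for a "One-time code (or backup code)" field, assuming the authenticator app's standard TOTP settings (RFC 6238, HMAC-SHA1, 6 digits, 30-second step).  The class name, the one-step clock-drift window and the hashed backup-code store are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct, time

STEP = 30  # seconds per code, the authenticator-app default

def totp(secret_b32, at, digits=6):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1, dynamic truncation)."""
    key = base64.b32decode(secret_b32.upper())
    mac = hmac.new(key, struct.pack(">Q", int(at) // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _digest(code):
    # Assumption: backup codes are stored hashed; a real store would use
    # long random codes or a salted, slow hash.
    return hashlib.sha256(code.encode()).hexdigest()

class SecondFactor:  # hypothetical name, one instance per account
    def __init__(self, secret_b32, backup_codes):
        self.secret = secret_b32
        self.backup = {_digest(c) for c in backup_codes}
        self.last_step = -1  # newest time step already accepted

    def verify(self, submitted, now=None, window=1):
        """Return "totp", "backup" or None for one sign-in attempt."""
        now = time.time() if now is None else now
        submitted = submitted.strip()
        current = int(now) // STEP
        # Accept neighbouring steps for clock drift, never a step twice.
        for step in range(current - window, current + window + 1):
            if step <= self.last_step:
                continue
            expected = totp(self.secret, step * STEP)
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_step = step
                return "totp"
        d = _digest(submitted)
        if d in self.backup:
            self.backup.remove(d)  # single use: consumed on success
            return "backup"
        return None

if __name__ == "__main__":
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # constructed (RFC 6238 test key)
    account = SecondFactor(secret, ["constructed-backup-code-1"])
    print(account.verify(totp(secret, time.time())))    # totp
    print(account.verify("constructed-backup-code-1"))  # backup
    print(account.verify("constructed-backup-code-1"))  # None
```

Recording the last accepted time step means a code captured during sign-in cannot be replayed within its 30-second lifetime, and removing a backup code on success is what makes it single-use.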

Why use two-factor authentication?

GunTab is very secure.  But when it comes to your money, can anything be too secure?  Two-factor authentication is an optional extra layer of security, which comes at a small cost.

With software there is generally a tradeoff between security and usability.  Two-factor authentication is a great example.  You increase the security of your account, but at the cost of making it more difficult to sign in.  So GunTab gives you the option: if you want extra security for your account, at the cost of a few extra moments when you sign in, you can enable two-factor authentication.

The specific risk that two-factor authentication protects against is account takeover.  Account takeover occurs when a malicious actor discovers the password to your account, signs in, and attempts to buy things using your stored payment methods.  By requiring a second credential, in addition to your password, you can help protect yourself from account takeover.

Is there a downside?

Two-factor authentication is a tradeoff.  You increase the security of your account, while also increasing the risk that you lock yourself out of it.  If you enable two-factor authentication, you will always need either your smartphone or your backup codes to sign in.

How would a bad guy get your password?

Here are the most common ways a bad guy might determine your password and gain access to your account.  These are ordered by how common they are.  Note that every scenario involves users allowing their own account to be compromised, in spite of GunTab's security measures:

  1. You re-use passwords across different websites.  One of those other websites gets compromised, and a bad guy figures out your password.  Then the bad guy uses it to log in to other websites you use, and one of them is GunTab.
  2. Your computer gets hacked by a bad guy who finds your password stored somewhere on the machine.  He logs directly into your GunTab account.
  3. You use a public computer that has been compromised by a bad guy, who records your password when you log into GunTab.  Then he logs into your account on his own.

The message is clear: you should use different passwords for every website, and be vigilant about protecting them.  To be extra safe, you can enable two-factor authentication.

How do you enable two-factor authentication?

If you want to enable two-factor authentication for your GunTab account, follow these steps:

  1. If you don't already have an authentication app on your smartphone, download one.  We recommend Google Authenticator (Android, iPhone/iPad).
  2. Sign in to your GunTab account.
  3. Select "Account" in the top right.
  4. Select the "Two-factor authentication" link in the "Security" section.
  5. Click "Enable".
  6. In the authentication app on your smartphone, click "+" and scan the QR code displayed by GunTab.  This should add a "GunTab" entry to your authentication app.
  7. Copy-paste the backup codes somewhere safe.

The next time you log in, you will be asked to enter either a code from the authentication app, or a single-use backup code.

How do you disable two-factor authentication?

You can disable two-factor authentication anytime, by following steps 2-4 above, then clicking "Disable".

Stay safe using GunTab

