Introduction
Two-factor authentication (2FA) is a second security check during the sign-in process. It provides additional confirmation that you are indeed the person signing into your account. The two factors are:
Factor one: You sign in using your ORCID account (email or ORCID iD and password), or linked social media or institutional accounts.
Factor two: You enter a time-sensitive six-digit code unique to your ORCID account, or a unique recovery code linked to your ORCID account.
A 2FA app is required to create the six-digit code you need to access your account. Most apps are for mobile devices, and some also offer desktop or web-based apps.
2FA is optional on ORCID. You can turn it on or off at any time in your Account Settings.
Enabling two-factor authentication
Step 1: Sign into your ORCID account and navigate to your account settings.
Click the “Turn on two-factor authentication” button to start the process.
Step 2: Download and install your preferred two-factor authentication app
A 2FA app is required to create the six-digit code you need to access your account. Most apps are for mobile devices, and some also offer desktop or web-based apps.
Download and install your preferred two-factor authentication app. Applications that we have tested with ORCID are listed below.
- Authy (Android, Apple iOS, Apple macOS, Windows, Chrome browser)
- FreeOTP (Android, Apple)
- Google Authenticator (Android, Apple, Windows Phone)
- Microsoft Authenticator (Android, Apple, Windows Phone)
If you already have an app, go to the next step.
Step 3: Add your ORCID account to your two-factor authentication app
Open your 2FA app and add a new account.
Scan the provided QR code or input the text code for your ORCID account.
Scan the QR code (left) or enter the text code (right) into your 2FA app
When successfully connected, your app may also give you the option to name the new account.
Step 4: Input the six-digit code on your app to confirm
Your app will display a connection message and a six-digit code when you have successfully connected your ORCID account to your app. Enter the six-digit code to enable 2FA.
Step 5: Save your recovery codes in your preferred safe space
Save your codes! You won’t have the opportunity to download them later. If you lose access to your 2FA application and don’t have access to the codes, you’ll lose access to your ORCID account.
Recovery codes can be used to access your account if for any reason you can't receive 2FA codes (for example, if you lose the device with your 2FA app).
Download or copy these codes and store them in a safe spot, such as password manager.
This is the only time that you can download or copy these codes. ORCID does not store a backup. If you lose access to your 2FA application and don't have your codes, you will lose access to your ORCID account.
If you forget to download or copy your recover codes, you can generate a new list by disabling 2FA and then re-enabling it on your ORCID account.
Disabling two-factor authentication
You can disable 2FA at any time from your ORCID Account Settings by clicking “Disable”.
Recovery codes
When you enable 2FA, ORCID will display a list of randomly-generated recovery codes for you to download or copy to a safe place, such as a password manager. These codes can be used if you are unable to receive 2FA codes – for example, if you lose access to the device with your 2FA app.
Each code can only be used once, and ORCID cannot provide the list of codes after you enable 2FA. If you forget to save the list of codes, you can disable and then re-enable 2FA. Each time you enable 2FA, you will get a new list of codes.
Using a recovery code
If you do not have access to your 2FA app when signing in, choose the Enter recovery code option to enter one of your stored codes.
Each code can only be used once. If you try to reuse a recovery code, you will receive an "Invalid recovery code" error message.
Frequently asked questions
Does ORCID require two-factor authentication?
2FA is completely optional. If you choose to enable it, you can turn it off or on in your account settings at any time.
Can two-factor authentication better verify my identity or the identity of others?
No, 2FA cannot and does not verify your identity. Rather, it gives stronger support that you are in control of both your sign-in account details and the application which created the ORCID authentication code.
Is there a specific two-factor authentication app I should use for ORCID?
Any 2FA app which allows you to scan a QRCode or enter a key to generate a one-time authentication code can be used with 2FA on ORCID. A list of apps we have tested can be found in Step 2 of Enabling two-factor authentication.
I’ve used all my recovery codes or can’t find my recovery codes. What should I do now?
Disable 2FA and enable 2FA again in your account settings. A new list of codes is generated each time you enable 2FA.
What do I do if I’ve lost access to my two-factor authentication app and my recovery codes?
Contact us directly for help restoring your account access.