14 Jun, 2022
Last edited: 15 Dec, 2022, 11:08 AM
Account security

Secure your account with a strong password, and optionally turn on 2-factor authentication for more security.

Password basics

You are responsible for your account security and for creating a sufficiently secure password for your account. A minimum of 8 characters is required. We do not enforce any other rules, but we urge you to create a password that turns the meter green.

The current password strength is shown on a password strength meter when creating the password. Here are some examples:

Password is so weak that it does not even register on the meter
Weak password as shown by the red password strength meter
Slightly better password
A strong password

The password strength is based on the zxcvbn algorithm.

We do not force annoying, burdensome and ineffective rules for password creation, such as requiring an uppercase letter, a lowercase letter, a symbol, etc.

Additional security

Setting up 2-factor authentication (2FA)

You can strengthen your account security by turning on 2-factor authentication. We support 2FA using any authenticator app on your mobile device. We highly recommend Aegis Authenticator.

An authenticator is used to generate the 6-digit OTP (One Time Password) required. You must choose an authenticator that supports the Time-based One-Time Password protocol (TOTP). The OTP generated is valid only for a short time - usually 30 seconds.

Setup for 2FA can be found under User > Settings after logging in. Open any authenticator app on your mobile device and scan the QR code that is being displayed in the section Strengthen your account security. This will add a new entry to your authenticator app with Issuer as "MainCross Social+".

Enter the 6-digit OTP shown by your authenticator app and click Verify.

Scan the QR code, or key it in manually, then enter the 6-digit OTP generated

On successful verification, you will see the following prompt with your 2FA recovery code. You can use this recovery code to deactivate 2FA if you lose access to your authenticator or the device the authenticator is running on. Please store the 2FA recovery code somewhere safe.

It is essential that you save the recovery code safely and securely. Without this, you will be locked out of your account. We cannot guarantee that we will be able to help you regain access to your account.

That's it. From now on when you log in again, you will be prompted to enter the latest 2FA OTP from your Authenticator device.

Deleting the 2FA

Once successfully set up, 2FA can be disabled at any time by clicking the "disable" button in the same section, Strengthen your account security.

Logging in with 2FA

Once 2FA has been set up for your account, it is not enough to use only the password for logging in. After entering a valid username and password, the system will prompt for the 2FA OTP as follows:

If the 2FA OTP is incorrect, you will not be able to log in.

Very occasionally, you may find that the 2FA OTP you have entered was not accepted. This may happen since the OTP is valid only for a short time. Just enter the next OTP.
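How a TOTP code is derived, and why a code read near the end of its 30-second step can be rejected a moment later, shown as an added example (this is not MainCross code). The secret is the published RFC 6238 test key, and the `window` tolerance parameter is a hypothetical server-side setting, not a documented feature of this service.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for (the usual TOTP period)
DIGITS = 6   # code length used on this page

# Constructed sample secret: the RFC 6238 test key, not a real account secret.
SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP) -> str:
    """RFC 6238 TOTP: HOTP with counter = whole steps elapsed since the epoch."""
    return hotp(secret, unix_time // step)


def verify(secret: bytes, code: str, unix_time: int, window: int = 0) -> bool:
    """Accept `code` if it matches the current step, or any step within
    `window` steps either side (hypothetical tolerance setting)."""
    counter = unix_time // STEP
    ok = False
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue
        candidate = hotp(secret, counter + drift)
        # Constant-time compare, no early exit: timing does not reveal a match.
        ok |= hmac.compare_digest(candidate.encode(), code.encode())
    return ok


if __name__ == "__main__":
    read_at = 59     # user reads the code in the last second of a step
    submit_at = 61   # server receives it two seconds later, in the next step
    code = totp(SECRET, read_at)
    print("code:", code)
    print("strict check:", verify(SECRET, code, submit_at))
    print("one-step tolerance:", verify(SECRET, code, submit_at, window=1))
```

A wider `window` reduces rejected logins but lengthens the time a captured code stays usable, which is why verifiers keep it small.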

Reset 2FA using Recovery Code

If you no longer have access to your authenticator or the device the authenticator is running on, or the authenticator was changed and the association broken, etc., you can disable the 2FA on your account without additional assistance by clicking on the "Reset 2FA?" button and then entering the recovery code that you downloaded earlier.

If the recovery code is successful, you will immediately be able to log in to your account. You may turn on 2FA again from under Settings.

If the recovery code is unsuccessful, you will not be able to log in to your account at all.

Please contact us in that case, but we cannot guarantee that we will be able to help you regain access to your account. You may have to prove that you are indeed the owner of the account.
