Update using-two-factor-authentication to correct default

I was going through the process to enable tfa and noticed some things different between the experience and the docs. So I've fixed them up: * [The default setting is auth-and-writes](https://github.com/npm/npm/blob/latest/lib/profile.js#L203) * Tidied up the list items and made the indentation consistent throughout the file * Removed the note about being asked for an OTP code twice This fixes #876.
mtoothman · Oct 5, 2017 · 8e7d4c9 · 8e7d4c9
1 parent 916acd2
commit 8e7d4c9
Showing 1 changed file with 70 additions and 50 deletions.
diff --git a/content/getting-started/using-two-factor-authentication.md b/content/getting-started/using-two-factor-authentication.md
@@ -5,33 +5,33 @@ featured: true
 
 # Using Two-Factor Authentication
 
-To meet the increasing need for strong digital security, npm has introduced two-factor authentication (2FA) to profiles and tokens. 2FA prevents unauthorized access to your accounts and projects. You have probably used 2FA before. For example, if you need to provide a code from your phone in addition to logging in with a password to access your bank account, your bank has enabled 2FA. Two-factor means that there are two pathways you must use to gain access to code or an account. 2FA would also include having a card key to get into a building, plus a physical key to get into an office. If you had one without the other, you could not get into the office. 
+To meet the increasing need for strong digital security, npm has introduced two-factor authentication (2FA) to profiles and tokens. 2FA prevents unauthorized access to your accounts and projects. You have probably used 2FA before. For example, if you need to provide a code from your phone in addition to logging in with a password to access your bank account, your bank has enabled 2FA. Two-factor means that there are two pathways you must use to gain access to code or an account. 2FA would also include having a card key to get into a building, plus a physical key to get into an office. If you had one without the other, you could not get into the office.
 
-To get started using 2FA with npm you will need to have an authentication package that can provide the second authentication factor. If you don't have one, please download a product such as Authy or Google Authenticator. 
+To get started using 2FA with npm you will need to have an authentication package that can provide the second authentication factor. If you don't have one, please download a product such as Authy or Google Authenticator.
 
 (Note: npm will not use SMS (text-to-phone) as a method for authenticating users.)
 
 ## Summary of Features
 
 As part of the introduction of 2FA, npm has enhanced or added new security features. Read this doc to learn how to use them.
 
-### New Security Options 
+### New Security Options
 
 * Enable two-factor authentication on your user profile to prevent spoofing
 * Profiles can be edited from the command line interface
-* You can change passwords from the command line interface 
+* You can change passwords from the command line interface
 * You can edit profile settings from the command line, including passwords
-* Limit access to your code according to IP address ranges (CIDR) 
+* Limit access to your code according to IP address ranges (CIDR)
 * One-time use Password Recovery codes have been implemented for greater security
-* Limit code to read or read-write control by controlling tokens 
-* Create and delete specialized tokens to allow targeted and controlled distribution 
+* Limit code to read or read-write control by controlling tokens
+* Create and delete specialized tokens to allow targeted and controlled distribution
 
 ### Understanding Access Settings
 
 For several of the new commands, you can select between two levels of authentication:
 
-*   *auth only* means authenticate only, which gives you read access. 
-*   *auth-and-writes* means read, write, and delete access. Someone with this access can also grant access to others. 
+*   *auth only* means authenticate only, which gives you read access.
+*   *auth-and-writes* means read, write, and delete access. Someone with this access can also grant access to others.
 
 ## Working with the new Profile Options
 
@@ -45,68 +45,88 @@ For several of the new commands, you can select between two levels of authentica
 
   `npm profile set [email|two factor auth|cidr_whitelist|fullname|homepage|freenode|twitter|github]`
 
-## How to Add Two-Factor Authentication to your Profile 
+## How to Add Two-Factor Authentication to your Profile
 
-The first step toward greater security is to add 2FA to your profile. This will prevent spoof attacks, where someone logs in as if they were you. 
+The first step toward greater security is to add 2FA to your profile. This will prevent spoof attacks, where someone logs in as if they were you.
 
-1a. Type this command to enable tfa authentication-only to your profile:
+1.  Enter the command to enable two factor authentication
 
-`npm profile enable-tfa`
+    1.  Type either of these commands to enable tfa authentication and enable write access to your profile:
 
-1b. Type this command to enable tfa authentication, and also enable write access to your profile: 
+        ````
+        npm profile enable-tfa
+        npm profile enable-tfa auth-and-writes
+        ````
 
-`npm profile enable-tfa auth-and-writes`
+    2.  Type this command to enable tfa authentication-only to your profile:
 
- 2a. If you choose the default setting, this message will appear: 
-````
-$ npm profile enable-tfa
+        ````
+        npm profile enable-tfa auth-only
+        ````
 
-> npm notice profile Enabling two factor authentication for auth-only
-````
+2.  Check you have chosen the right setting.
 
- 2b. If you chose the second tfa setting, this message will appear: 
-````
-$ npm profile enable-tfa auth-and-writes
+    1.  If you choose the default setting, this message will appear:
 
-> npm notice profile Enabling two factor authentication for auth-and-writes
-````
+        ````
+        $ npm profile enable-tfa
 
-3. When prompted, enter your npm password.
+        > npm notice profile Enabling two factor authentication for auth-and-writes
+        ````
 
-4. npm will present a QVR code with this message:
+    2.  If you chose the `auth-and-writes` tfa setting, the same message will appear:
+        ````
+        $ npm profile enable-tfa auth-and-writes
 
-````
-Scan into your authenticator app or enter code [**your code**]
-And enter your first OTP code:
-And enter your second OTP code:
-````
-5. Use your authenticator app to scan the code, or to enter the codes as directed. After you do this, you will see this message:
+        > npm notice profile Enabling two factor authentication for auth-and-writes
+        ````
 
-````
-TFA successfully enabled. Below are your recovery codes, please print. 
-You will need these to recover access to your account if you lose your device.
-````
+    3.  If you chose the `auth-only` tfa setting, this message will appear:
 
-6. This statement is followed by a series of codes. Please print them or save them as described in the message. 
+        ````
+        $ npm profile enable-tfa auth-only
 
->**WARNING**: You must save these codes somewhere safe, such as a location that is not normally near your device. If you lose the device that provides the second method of security, or forget your password, these codes will be your only way to get back online. 
+        > npm notice profile Enabling two factor authentication for auth-only
+        ````
+
+3.  When prompted, enter your npm password.
+
+4.  npm will present a QVR code with this message:
+
+    ````
+    Scan into your authenticator app or enter code [**your code**]
+    And an OTP code from your authenticator:
+    ````
+
+5.  Use your authenticator app to scan the code, or to enter the codes as directed. After you do this, you will see this message:
+
+    ````
+    TFA successfully enabled. Below are your recovery codes, please print these out.
+    You will need these to recover access to your account if you lose your authentication device.
+    ````
+
+6.  This statement is followed by a series of codes. Please print them or save them as described in the message.
+
+    >**WARNING**: You must save these codes somewhere safe, such as a location that is not normally near your device. If you lose the device that provides the second method of security, or forget your password, these codes will be your only way to get back online.
 
 ## How to Remove Two-Factor Authentication from your Profile
 
-1. To remove 2FA from your profile, type this command:
+1.  To remove 2FA from your profile, type this command:
+
+    ````
+    npm profile disable-tfa
+    ````
 
-   `npm profile disable-tfa`
-
-2. Enter your npm password when prompted. 
+2.  Enter your npm password when prompted.
 
-3. Enter a one-time password from your authenticator. The authenticator can be Authy or any other standard authenticators. Your screen will look like this:
+3.  Enter a one-time password from your authenticator. The authenticator can be Authy or any other standard authenticators. Your screen will look like this:
 
-````
-$ npm profile disable-2fa
+    ````
+    $ npm profile disable-2fa
 
-> npm password:
+    > npm password:
 
->Enter one-time password from your authenicator: 123456
+    >Enter one-time password from your authenicator: 123456
 
-Two factor authentication disabled. 
-````
+    Two factor authentication disabled.
+    ````