🔐 Authentication & Security

Complete guide to all authentication methods and security features

🎯 Authentication Overview

VoiceLink supports multiple authentication methods to meet different security needs, from simple password protection to advanced two-factor authentication systems.

🔑 Basic Authentication

  • Username and password
  • Room-specific passwords
  • Guest access
  • Quick and simple setup

📱 iOS 2FA

  • Face ID / Touch ID integration
  • iOS Keychain support
  • Native iOS authentication
  • Seamless user experience

🔐 Third-Party 2FA

  • Google Authenticator
  • Microsoft Authenticator
  • Authy support
  • TOTP standard compliance

💬 Message-Based 2FA

  • SMS verification
  • Email confirmation
  • Telegram integration
  • Discord notifications

🌐 OAuth Integration

  • Google Sign-In
  • Microsoft accounts
  • GitHub authentication
  • Discord OAuth

🏢 Enterprise SSO

  • SAML 2.0 support
  • Active Directory
  • LDAP integration
  • OpenID Connect

🔑 Basic Authentication Setup

👤 User Account Authentication

Creating an Account

  1. Access Registration: Click "Create Account" on login screen
  2. Choose Username: Select unique username (3-20 characters)
  3. Set Password: Create strong password (minimum 8 characters)
  4. Email Verification: Verify email address if required
  5. Profile Setup: Complete basic profile information

Password Requirements

  • Minimum 8 characters length
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • Special characters recommended

🚪 Guest Access

Guest User Capabilities

  • Room Access: Join public and passworded rooms
  • Voice Chat: Full voice communication
  • Text Chat: Send and receive messages
  • 3D Audio: Participate in spatial audio

Guest Limitations

  • No Room Creation: Cannot create new rooms
  • No Settings Sync: Settings not saved across sessions
  • Limited History: No access to room history
  • No Bookmarks: Cannot save favorite rooms

Using Guest Access

  1. Click "Join as Guest" on main screen
  2. Enter display name for the session
  3. Enter room ID to join
  4. Enter room password if required
  5. Start participating immediately

🔒 Room-Level Authentication

Public Rooms

  • No authentication required
  • Anyone with room ID can join
  • Visible in server room lists
  • Best for open communities

Password-Protected Rooms

  • Single shared password
  • Host sets and shares password
  • Hidden from public listings
  • Ideal for private groups

Invite-Only Rooms

  • Host manually approves each user
  • Request-based joining system
  • Maximum privacy control
  • Perfect for sensitive meetings

📱 iOS Two-Factor Authentication

VoiceLink integrates deeply with iOS security features to provide seamless and secure authentication on iPhone and iPad devices.

🆔 Face ID / Touch ID Integration

Enabling Biometric Authentication

  1. Open Settings: Go to User Settings → Security
  2. Enable Biometrics: Toggle "Use Face ID/Touch ID"
  3. Authenticate: Complete initial biometric scan
  4. Backup Methods: Set fallback authentication
  5. Test Access: Verify biometric login works

Biometric Capabilities

  • Quick Login: One-touch authentication
  • Room Access: Biometric verification for private rooms
  • Settings Protection: Secure sensitive settings
  • Purchase Verification: Authorize premium features

Fallback Options

  • Device Passcode: Use iOS passcode as backup
  • Password Login: Traditional username/password
  • Recovery Codes: One-time use backup codes

🔐 iOS Keychain Integration

Keychain Features

  • Secure Storage: Passwords encrypted in iOS Keychain
  • Auto-Fill: Automatic login form completion
  • Sync Across Devices: iCloud Keychain synchronization
  • Share Passwords: Family sharing for room passwords

Setting Up Keychain Integration

  1. Enable iCloud Keychain: Settings → [Your Name] → iCloud → Keychain
  2. Allow VoiceLink Access: Grant permission when prompted
  3. Save Credentials: Choose "Save Password" on login
  4. Verify Sync: Check passwords appear on other devices

🔔 iOS Native Notifications

Push-Based 2FA

  • Login Notifications: Approve/deny login attempts
  • Device Verification: Confirm new device access
  • Location Alerts: Unusual location login warnings
  • Quick Actions: Approve directly from notification

Configuring Notifications

  1. Enable Notifications: Allow VoiceLink to send notifications
  2. Choose Alert Style: Banner, alert, or badge
  3. Set Importance: Critical alerts for security events
  4. Configure Actions: Set up quick approve/deny actions

🛡️ iOS Security Best Practices

Device Security

  • Keep iOS updated to latest version
  • Use strong device passcode (6+ digits)
  • Enable automatic lock after inactivity
  • Review app permissions regularly

Biometric Security

  • Re-scan Face ID if appearance changes significantly
  • Add alternate appearance for Face ID
  • Clean Touch ID sensor regularly
  • Set up multiple fingerprints for Touch ID

🔐 Third-Party Two-Factor Authentication

VoiceLink supports all major authenticator apps using the industry-standard TOTP (Time-based One-Time Password) protocol.

📱 Supported Authenticator Apps

🔵 Google Authenticator

  • Free and widely used
  • Available on iOS and Android
  • Offline code generation
  • Backup and sync features
Setup Guide

🔷 Microsoft Authenticator

  • Enterprise-grade security
  • Push notification support
  • Biometric verification
  • Cloud backup included
Setup Guide

🔶 Authy

  • Multi-device synchronization
  • Encrypted cloud backups
  • Push notifications
  • Advanced security features
Setup Guide

🔸 Other Compatible Apps

  • 1Password
  • LastPass Authenticator
  • Duo Mobile
  • Any TOTP-compatible app

⚙️ General 2FA Setup Process

1

Enable 2FA in VoiceLink

  • Go to User Settings → Security
  • Click "Enable Two-Factor Authentication"
  • Choose "Authenticator App" method
2

Scan QR Code

  • Open your authenticator app
  • Tap "Add Account" or "+"
  • Scan the QR code displayed in VoiceLink
  • Or manually enter the setup key
3

Verify Setup

  • Enter the 6-digit code from your app
  • Click "Verify and Enable"
  • Save the provided backup codes
  • Test login with 2FA enabled

🔵 Google Authenticator Setup

  1. Download App: Install Google Authenticator from App Store
  2. Open App: Launch Google Authenticator
  3. Add Account: Tap "+" then "Scan QR code"
  4. Scan Code: Point camera at VoiceLink QR code
  5. Account Added: VoiceLink appears in your accounts list
  6. Get Code: Tap VoiceLink entry to see current code
  7. Enter Code: Input 6-digit code in VoiceLink

Google Authenticator Tips

  • Backup: Enable cloud backup in app settings
  • Multiple Devices: Add account to multiple devices
  • Time Sync: Ensure device time is accurate

🔷 Microsoft Authenticator Setup

  1. Install App: Download Microsoft Authenticator
  2. Sign In: Sign in with Microsoft account (optional)
  3. Add Account: Tap "+" then "Other account"
  4. Scan QR: Use camera to scan VoiceLink QR code
  5. Name Account: Enter "VoiceLink" as account name
  6. Verify: Enter generated code in VoiceLink
  7. Enable Backup: Allow cloud backup for recovery

Microsoft Authenticator Features

  • Push Notifications: Approve logins with one tap
  • Biometric Lock: Secure app with Face ID/Touch ID
  • Cloud Sync: Automatic backup to Microsoft account

🔶 Authy Setup

  1. Download Authy: Install from App Store
  2. Create Account: Register with phone number
  3. Add Token: Tap "+" then "Scan QR Code"
  4. Scan VoiceLink Code: Point camera at QR code
  5. Set Icon: Choose icon and name for account
  6. Verify Setup: Enter 6-digit code in VoiceLink
  7. Enable Sync: Turn on multi-device sync

Authy Advantages

  • Multi-Device: Sync across all your devices
  • Encrypted Backup: Secure cloud storage
  • Offline Access: Works without internet
  • Desktop App: Available for Windows, Mac, Linux

💾 Backup Codes

What are Backup Codes?

Backup codes are one-time use codes that allow you to access your account if you lose access to your authenticator app.

Using Backup Codes

  • Save Securely: Store codes in a safe place (password manager, secure note)
  • One-Time Use: Each code can only be used once
  • Emergency Access: Use when authenticator app is unavailable
  • Generate New Codes: Create new set after using several codes

Best Practices

  • Print and store in secure physical location
  • Save in password manager
  • Don't store with your device
  • Share with trusted person if needed

💬 Message-Based Two-Factor Authentication

VoiceLink supports various messaging platforms for 2FA delivery, providing flexibility for users who prefer receiving codes through their favorite communication channels.

📱 SMS Verification

Setting Up SMS 2FA

  1. Navigate to Security: User Settings → Security → Two-Factor Authentication
  2. Choose SMS: Select "SMS/Text Message" option
  3. Enter Phone Number: Provide mobile number with country code
  4. Verify Number: Enter code sent to your phone
  5. Complete Setup: Confirm SMS 2FA is active

SMS Features

  • Universal Access: Works on any mobile phone
  • No App Required: Uses built-in SMS functionality
  • Quick Delivery: Usually arrives within seconds
  • Offline Friendly: Doesn't require internet connection

Important Considerations

  • Network Dependency: Requires cellular coverage
  • SIM Swapping Risk: Vulnerable to SIM card attacks
  • International Rates: May incur charges when traveling
  • Carrier Reliability: Dependent on SMS infrastructure

📧 Email Verification

📞 Telegram Integration

Connecting Telegram

  1. Start Bot: Search for "@VoiceLinkBot" in Telegram
  2. Begin Setup: Send "/start" command to bot
  3. Get Code: Bot provides unique linking code
  4. Link Account: Enter code in VoiceLink Security settings
  5. Verify Connection: Test 2FA delivery

Telegram Advantages

  • Instant Delivery: Real-time message delivery
  • Cross-Platform: Available on all devices
  • Secure Protocol: End-to-end encryption available
  • Rich Messages: Buttons for quick approval/denial

Bot Commands

  • /status - Check authentication status
  • /disable - Temporarily disable notifications
  • /enable - Re-enable notifications
  • /unlink - Remove Telegram 2FA

🎮 Discord Integration

Setting Up Discord 2FA

  1. Add Bot: Invite VoiceLink bot to your Discord server
  2. DM Bot: Send direct message to start setup
  3. Link Account: Use provided command with your user ID
  4. Verify Setup: Complete verification process
  5. Test Delivery: Ensure codes arrive correctly

Discord Features

  • Gamer-Friendly: Natural integration for gaming communities
  • Server Integration: Can notify server moderators
  • Rich Embeds: Beautiful formatted messages
  • Voice Notifications: Audio alerts for important events

Required Permissions

  • Send Messages (for codes)
  • Read Message History (for context)
  • Embed Links (for rich messages)
  • Use External Emojis (for status indicators)

🛡️ Message-Based Security Considerations

Method Security Level Convenience Best Use Case
SMS Medium High Universal access, simple setup
Email Medium-High High Professional use, audit trails
Telegram High Very High Tech-savvy users, instant delivery
Discord High High Gaming communities, team coordination

Security Recommendations

  • Multiple Methods: Set up backup 2FA methods
  • Secure Channels: Use encrypted messaging when possible
  • Regular Review: Audit connected accounts monthly
  • Immediate Action: Disable compromised accounts immediately

🏢 Advanced Authentication Methods

🌐 OAuth 2.0 Integration

Supported OAuth Providers

🔵 Google
  • Google Workspace integration
  • Gmail account linking
  • Admin console management
🔷 Microsoft
  • Azure AD integration
  • Office 365 accounts
  • Enterprise single sign-on
⚫ GitHub
  • Developer account linking
  • Organization membership
  • Team-based access control
🎮 Discord
  • Gaming community integration
  • Server role verification
  • Voice channel linking

OAuth Setup Process

  1. Choose Provider: Select OAuth provider in settings
  2. Authorize: Click to redirect to provider
  3. Grant Permissions: Allow VoiceLink access
  4. Return to App: Automatic redirect after approval
  5. Verify Account: Confirm linked account details

🏢 SAML 2.0 Support

Security Assertion Markup Language (SAML) 2.0 support enables enterprise single sign-on (SSO) integration with existing identity providers.

Compatible Identity Providers

  • Active Directory Federation Services (ADFS)
  • Okta
  • OneLogin
  • Ping Identity
  • Auth0
  • Azure AD

SAML Configuration

  1. IdP Setup: Configure VoiceLink as service provider in your IdP
  2. Metadata Exchange: Exchange SAML metadata files
  3. Attribute Mapping: Map user attributes (name, email, groups)
  4. Test SSO: Verify login flow works correctly
  5. Deploy: Enable for organization users

📂 LDAP Integration

LDAP Capabilities

  • Active Directory: Windows domain authentication
  • OpenLDAP: Open source directory service
  • Group Membership: Role-based access control
  • User Sync: Automatic user provisioning

LDAP Configuration

  1. Server Details: Configure LDAP server address and port
  2. Bind Account: Set up service account for queries
  3. Search Base: Define user and group search paths
  4. Attribute Mapping: Map LDAP attributes to VoiceLink fields
  5. Test Connection: Verify LDAP connectivity and authentication

🔐 OpenID Connect

OpenID Connect Features

  • Modern Standard: Built on OAuth 2.0
  • Identity Layer: User identity verification
  • Token-Based: Secure token exchange
  • Broad Support: Many provider options

OpenID Connect Providers

  • Google Identity Platform
  • Microsoft Azure AD
  • Auth0
  • Keycloak
  • Custom OIDC providers

🛡️ Security Best Practices

🔒 Account Security

  • Strong Passwords: Use unique, complex passwords for all accounts
  • Password Manager: Store credentials securely
  • Regular Updates: Change passwords periodically
  • Monitor Access: Review login history regularly

📱 2FA Security

  • Multiple Methods: Set up backup 2FA options
  • Secure Storage: Protect backup codes safely
  • App Security: Lock authenticator apps
  • Device Security: Keep devices updated and secure

🌐 Network Security

  • Secure Connections: Use HTTPS and WSS protocols
  • Trusted Networks: Avoid public WiFi for sensitive operations
  • VPN Usage: Use VPN when on untrusted networks
  • Firewall Rules: Configure appropriate network restrictions

👥 Organization Security

  • Role-Based Access: Implement principle of least privilege
  • Regular Audits: Review user access periodically
  • Security Training: Educate users on security practices
  • Incident Response: Have plan for security incidents

✅ Security Checklist

Initial Setup

  • □ Create strong, unique password
  • □ Enable two-factor authentication
  • □ Save backup codes securely
  • □ Verify email address
  • □ Review privacy settings

Ongoing Maintenance

  • □ Monitor login activity monthly
  • □ Update passwords quarterly
  • □ Review connected apps annually
  • □ Test backup 2FA methods
  • □ Keep software updated

🔧 Authentication Troubleshooting

❌ Can't Log In

Common Causes:

  • Incorrect username or password
  • 2FA app out of sync
  • Account locked or suspended
  • Network connectivity issues

Solutions:

  • Reset password using "Forgot Password"
  • Sync authenticator app time
  • Use backup codes
  • Contact support for account issues

📱 2FA Not Working

Common Causes:

  • Time synchronization issues
  • Wrong authenticator account
  • Network delays
  • Code already used

Solutions:

  • Check device time settings
  • Verify correct app account
  • Wait for new code generation
  • Use backup authentication method

🔄 OAuth Errors

Common Causes:

  • Provider service outage
  • Insufficient permissions
  • Expired authorization
  • Configuration mismatch

Solutions:

  • Check provider status page
  • Re-authorize application
  • Clear browser cookies
  • Use alternative login method

📧 Not Receiving Codes

Common Causes:

  • Spam/junk folder filtering
  • Network carrier delays
  • Incorrect contact information
  • Service provider issues

Solutions:

  • Check spam/junk folders
  • Verify phone number/email
  • Try alternative delivery method
  • Wait and retry in few minutes