Must use Auth0 Guardian. Need help. I am a first-time user, not a developer

I am not a developer. My brokerage is forcing me to use Auth0 Guardian to access my brokerage account. It must be done on a smart phone. I have never owned a smart phone. I had to scramble to figure out what to purchase. I just received the SIM card for the smart phone I purchased at Best Buy. I was unable to activate it because there was no internet last week; road construction severed the lines.

My first question. I looked up Auth0 Guardian on YouTube. All I could find was demonstration videos for developers. I have to believe you have demonstration videos for first-time users like me to access their accounts. Can you point me to the demonstration videos for first-time users like me?

My second question. Is there a way to do a practice test using Auth0 Guardian to access a practice account before I do it on my brokerage account? I have never used a smart phone before and never used Auth0 Guardian before. That would mean I could easily make mistakes. The brokerage (and the rest of the world) make the assumption that I and everyone in the world are very experienced with a smart phone. I just do not want to learn the first time on my brokerage account and make mistakes and get locked out. I would have to call the brokerage and they did not develop Auth0 Guardian so their knowledge would be limited. It would be so much better to practice with it where I can make mistakes that won’t cause me trouble.

Hi @opaquebrace,

Welcome to the Community!

Are you logging in via smartphone? Or are you using a laptop or desktop computer to log in?

The closest we have to this type of guide is the video on this page, and the use of Auth0 Guardian starts at 2:20.

We don’t have a practice app, unfortunately. I am happy to walk through any issues you have with it, or any question you have about the process.

If you store the recovery code (a code you receive after you successfully enroll in MFA), then you should be able to log in even if you are having problems with the app. This code is like a second password; be sure to treat it as a secure piece of information. Keep it in a safe place, and do not share it with others.

Thank you for your kind response. Thank you for the video. That really does help.
I forgot to ask, the instructions from the brokerage said I will receive a “Push Notification”. I have not figured out text messages yet. Still figuring out and setting up the smartphone (moto e). What is the difference between a text message and a push notification? From your video it appears that the push notification comes within the Auth0 Guardian app I download from Google. If a push notification is within the Auth0 Guardian app then that is all I think I need to know about push notifications.
You offered: “I am happy to walk through any issues you have with it”. From your video I do not think I will need that. It seems simple from your video. I hope it is that way when I do it. If I do need that type of help what are you proposing? Can I call you?
Next question I forgot to ask. I watched a Google Authenticator video on YouTube. Google Authenticator has a time out feature in which the code is changed. I do not think I can do that in time before the change. Does Auth0 Guardian have a time out feature? This is important. If Auth0 Guardian does have a time out then I need to be prepared ahead of time to act quickly. Thank you for your response. Bob.

I forgot to answer your first question. The instructions are to log in to the brokerage account on desktop. That is good, I do not want to use a smartphone for that. The instructions say there is a link to setting up the authentication or Auth0 Guardian for the first time. Then the instructions say I must then use a smart phone to use Auth0 Guardian to take a picture of the QR (? I think that is what it is called) code. Then I finish the steps in the instructions. I hope that is enough detail for your question. Thank you for helping me. Bob.

A push notification is an alert that shows up on your phone. It will typically show up on the locked screen of your phone or in a notification center, and you can tap it to go directly to the app. In the Guardian app, you will see this screen, where you tap allow to authenticate.

Sure, if it is a simple question then you can post it in this thread and we can work through it; if it is more complicated I am happy to set up a call.

Yes, but you shouldn’t run into the issue if you are using push notifications, as they are different from the one-time code Google Authenticator uses. (This is also available in Guardian, but I would use the push notifications if it is easier.)

That is perfect. One tip I will give you is to keep your phone closed while you are logging in on your desktop. This way you don’t run into an issue where you have lost the push notification.

Sorry for the message I sent you. Thank you for your kind response. You recommended that my phone be “closed”. I do not quite know what that means. The smart phone is a flat brick. I can have it on the desk, camera down. Is that what you meant? I assume you mean I log into the brokerage account. Then click on the setup authentication link. Then only start using my smart phone when the steps require it. Thank you again for your quick responses. Bob.


There should be a button on your phone that ‘closes’ it. Not physically closing like a normal flip phone, but a button that locks your phone and the screen goes black.

Sorry for the confusion. I mean to say, keep it closed whenever you are logging in to your brokerage account after you have registered the Guardian app. The first time, you will have to open/unlock your phone, download the app, scan the code, etc.

If it is helpful I can walk you through setting it up on a Zoom call.

Thank you for your fast and kind response. Thank you for the clarification of before and after setting up the authentication.
So that is why it goes black and I have to try to get it to respond by rubbing my finger around the screen for some time to get it to respond to me. (as you are most likely noticing I hate smartphones). It takes quite a number of tries to get it out of the “black” screen. I looked up screen lock on my phone. “screen lock” is set to “swipe”. The other options are far more complex and difficult. I will stay with swipe setting and try to get better at the “swipe”. For now, and the foreseeable future, I will only use my smartphone when it is absolutely required like using Auth0 Guardian. So, I do not believe I need the other more secure options for the screen lock.
Getting back to your “Tip”. The phone goes to the black screen quite quickly. I just tolerate it. After I set up the Auth0 Guardian on the brokerage web site and have logged out, you suggest I make sure my phone is on the black screen. Then start the login on the brokerage website. Leave my phone on the black screen till a push notification shows up on the black screen. Then go from there. I believe that is what your tip is.
Thank you for your offer of a Zoom communication. I do not know much about Zoom calls. All I know is I have received links for Zoom meetings. I never participated. If all I have to do is click on a Zoom link on my desktop to communicate with you that sounds like an easy solution. I am not at the point where I can do that today. I need to test the texting on my phone. I need to set up a Google account to obtain the Auth0 Guardian for my smart phone. When I accomplish that I will go over the instructions very carefully. If I feel I can do it without assistance I will give it a try. If not, I might take you up on your kind offer of a Zoom communication to set up Auth0 Guardian for my brokerage account. Just so I am prepared if I need Zoom communications, are you on duty during the day the remainder of the week? I live in Minnesota USA near Minneapolis.
Thank you so much for your help. Bob.

Yep, you got it.

Yes, and I can set up the call and email you the link; all you have to do is click the link like you mentioned you have done before. I am usually on during working hours PST, but we can cross that bridge when we get there. If you end up needing help from a call just let me know and we can find a time, then I will schedule something.

I am trying to eliminate all assumptions. I just thought of the camera on the phone. I did do a couple of test pictures when I first purchased the phone. That process seemed simple enough. I will only use the camera for very minimal, basic usage. It appears using the camera with Auth0 Guardian is basic usage. I looked at the camera settings. Lots of settings detail. I did not see any settings that applies to Auth0 Guardian usage. It appears the default camera settings are all that is needed. Are there any settings I need to change to use the smartphone camera with Auth0 Guardian?

Nothing would need to be changed. You should just have to open the Guardian app and tap the “plus” (+) button in the top right corner when you are prompted with the QR code on your desktop.

Here are more questions from the step-by-step instructions for setting up and using Auth0 Guardian that my brokerage provided.
02:19
It shows a six-digit “recovery code” on the phone app. It shows only numbers. It also shows on the web page a 24-digit recovery code. This code is letters and numbers. They verbally say the six-digit code is if I “ever” lose my smartphone. Then it says to record the 24-digit code. It says at 03:30 that there is a “one-time password” or use “recovery code”. They are not clear which code is which and how to use it. They seem to interchange the words “password” and “recovery code”. There are two codes and they use a number of different terms for each code and how to use the two codes. What is the 6-digit code and when would I use it? What is the 24-digit code and when would I use it? What code is the “one-time password”? These questions are from what is seen and verbally said in the video.

02:33 After I record the code(s) I check the box that I recorded the code. The bottom button will turn blue. The bottom button will turn blue to be active. Then I am to click the blue button. It displays “you are all set”. Then I am to click “continue”. Then I will be sent a push notification. It is said later that the push notification will time out or expire.
Which one of these steps starts the timer for the time out or expiration?
Are there any other time limits in the above steps?
I just want to know when I can pause doing these steps and when I cannot pause doing these steps.
Do the push notifications show only on the smartphone black lock screen, or does the push notification show in the lock screen and within the Auth0 Guardian app on my smartphone?
Thank you for all your help. Bob.

Ah yes, they have them mixed up in the video.

The 6 digit code is a one time password (OTP). You use this as a second factor when you are logging in to the website and need a second factor. Or you can use a push notification and don’t have to worry about inputting numbers.

The 24 digit code is a recovery code. This code is only to be used in the case where you don’t have access to your smartphone (for example, your phone was destroyed or lost). You don’t want to use this as your second factor, as it will be quite cumbersome to type in on a normal basis.

It is important to understand that you will not have to scan the QR code or do most of these things after you set up the Guardian app. These steps are just to link your smartphone to your account, so you can use it as a second factor. Now that you have set up MFA, the normal login flow will work like this:

  • You input your email and password into the login page and click login
  • You receive a push notification
  • Tap the notification on your phone and you should be directed to the Guardian app
  • Then tap the green allow button on the app (if this doesn’t show up, you may need to go back to the home screen on the app by clicking the arrow in the top left corner)
  • You should be successfully logged in.
  • As they mention, this should only be required every 30 days if you have checked the ‘remember this browser’ box.

The one-time password is an alternative to the push notifications. If you don’t want to receive a push notification, then you can use the one time password after you have submitted your normal username and password by clicking “enter the code manually”.

Be ready to use your smartphone after you have input your original username and password and click login on your computer. The one time password (if you chose to use it instead of a push notification) will expire, but you will be shown another one in its place, there is no rush to use anything, you will always see a valid one time password.

Thank you so much for viewing the video. “Ah yes, they have them mixed up in the video.” I just knew some things were not correct. One can tell he was in a hurry to get the video made.
One follow-up question. “The one-time password (if you chose to use it instead of a push notification) will expire, but you will be shown another one in its place, there is no rush to use anything, you will always see a valid one-time password.” The video says nothing about password expiration and replacement. I suspected there was a time-out password expiration. How long will the current one-time password last before it expires and is replaced by another? Thanks again. Bob.

@opaquebrace

It is valid for 30 seconds; it will turn red when there are 5-10 seconds left, then a new one will replace the existing OTP.

I use Guardian daily and rarely use the OTP. I use push notifications as they are more seamless.
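An added illustration of the 30-second one-time password described in the reply above (not part of the original thread and not Auth0's code): it assumes the standard TOTP algorithm (RFC 6238 with HMAC-SHA1) and uses the RFC's published test secret. The `verify` function and its one-step tolerance are a hypothetical server-side check, shown to explain why a code typed just after it rolls over can still be accepted.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds each code stays current, as stated in the thread
DIGITS = 6    # length of the code shown in the app
SECRET = b"12345678901234567890"  # RFC 6238 test secret, not a real enrollment key


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, step: int = STEP) -> str:
    """The code on screen at Unix time `now`: one code per 30-second step."""
    return hotp(secret, now // step)


def seconds_remaining(now: int, step: int = STEP) -> int:
    """How long the current code remains on screen before it is replaced."""
    return step - (now % step)


def verify(secret: bytes, submitted: str, now: int,
           window: int = 1, step: int = STEP) -> bool:
    """Hypothetical server check: accept the current step plus or minus `window`
    steps, compared in constant time so timing does not leak digits."""
    counter = now // step
    ok = False
    for c in range(counter - window, counter + window + 1):
        if c < 0:
            continue
        expected = hotp(secret, c).encode()
        if hmac.compare_digest(expected, submitted.encode()):
            ok = True
    return ok


if __name__ == "__main__":
    for t in (59, 60, 89, 90):  # constructed timestamps around two rollovers
        print(t, totp(SECRET, t), f"{seconds_remaining(t)}s left")
    print("code from t=59 accepted at t=60:", verify(SECRET, "287082", 60))
    print("code from t=59 accepted at t=120:", verify(SECRET, "287082", 120))
```

A new code is derived from the clock at every step boundary, so there is always a valid code on screen and missing one only means typing the next.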

I got all prepared. I had all the steps and details in front of me. Had everything ready. I had the Auth0 Guardian setup on my smartphone with the camera functioning inside the app. I looked and could not find any settings in the Auth0 Guardian app. Nothing more I could do to prepare. I started the pre-enrolment authentication process on the brokerage web page.
You did not tell me about the “Passphrase”. I was sweating there for a time. You need to remember in all this that this is the first time using a smartphone AND using your app. Things started happening fast so I may not have the order of the details correct. I was at the point in the process that I recorded the recovery code. I received and I allowed the push notification. Then the Auth0 Guardian phone app demanded I deal with a “passphrase”. This was a complete surprise. I tried to do everything I could to be prepared before this whole process, to prevent surprises. I did not know if I could record or change the passphrase later, all knowing I am in the middle of a process that I knew will time-out on me. This situation is exactly what I worked so hard to prevent. I figured that I had to deal with the passphrase at that moment. The passphrase that was given was a short cryptic code. I use cryptic codes exclusively for all my passwords. But not when a timer is ticking down. I do not even know what the passphrase is used for. How do I copy the app generated passphrase on my smartphone since I have never used a smartphone before? I chose the option to create my own. I hate the tiny keyboard. That took some time to use that keyboard. Then I recorded the passphrase I created. I then continued on the Auth0 Guardian phone app. Continuing from there on the phone app there was nothing more that I could do. It appeared I was done with the phone app but I really did not know. I then went to my computer screen. The authentication process timed-out. SHOCK. I thought I was locked out of my brokerage account. There was a link on the time-out page to restart the authentication process. That was a huge relief. I clicked on that restart link. Took me to the very beginning pre-enrolment authentication page. I clicked the “update now” button as I did at the very beginning to start the process all over again. 
The next page stated I had completed the pre-enrolment authentication process. There was nothing more I could do. I think this ended well. I think the process was somehow completed successfully. No way to know till September 22 deadline. I cannot redo it.
You people need to remedy the surprise passphrase setup when an expiration timer is running. That is just not right. It creates a large amount of stress. I just do not think your app will be successful long term when it creates such stress for common users when an expiration timer is running. When a countdown expiration timer is ticking down is not the time to demand dealing with a passphrase or any other security detail. A security app should not create stress for users. That is what users will remember. Even if it ends well.

Hi @opaquebrace,

Sorry to hear about the unnecessary stress. That is certainly not the intended goal of any part of the process. It should be somewhat self-paced; I am surprised that there is any part that would time out like that, unless you were doing it over a long period of time (like more than 24 hrs). The one time passwords expire, but you would be immediately issued a new one; there is no expiration on the session, just a new code.

I am not sure what the passphrase part of the application is. It might be a custom option that was created by the brokerage, it is hard to say without seeing it.

A lot of this process is controlled by TradeStation. It may be best to give them a call and confirm that everything is working, so you aren’t locked out when the deadline hits. If you have issues I am happy to jump on a call too.

The passphrase was not in any of the documentation or video from the brokerage. The passphrase came up in the Auth0 Guardian phone app on my phone. The passphrase did not come up on the broker website. I did not think the brokerage had any control of the development within the app installed on the phone that was downloaded from Google Play. I rechecked the settings on the app. Nothing about a passphrase. Perhaps there was a very late update to the app in Google Play.
That is all I know. Thanks for all the help. If I have trouble in the future I will post again.