EntireOnHire l

Main Masters - Two-Factor Authentication

Introduction

Two-Factor Authentication (2FA) is a security feature integrated in the Entire OnHire staff portal. This will provide extra security to prevent unauthorised access to your account. The Single-Factor Authentication (SFA) usually uses one factor, i.e., password, to recognise you. There are possibilities of unauthorised access to your account if the password gets leaked inadvertently.

To secure your account, we have brought 2FA. In addition to the combination of a username and password, you can now choose the security layer of your choice to enable authorisation checks to your accounts. This will ensure it is only you who is accessing your account and not the hacker who is pretending to be you. The authentication methods provided under 2FA are -

  • email address,

  • security questions, and,

  • authenticator app (SMS)

With 2FA being enabled on your account, a combination of password and your chosen security check will be used to log you in. Now only you can access your account after successfully passing through these additional security checks.

How does Two-Factor Authentication (2FA) work?

Here's how the Two-Factor Authentication works:

1. The user is prompted to log in to the Entire OnHire staff portal. The user enters username and password. Then, the site's server finds a match and recognizes the user.

2. The site then prompts the user to initiate the second verification step. According to the chosen validation mode, any of the following will follow -

a. either a verification code will be sent either via the email ID or an SMS, or,

b. the user will be asked to answer the security questions.

If logging in for the first time, the user will be prompted to set the security questions and choose a default authentication method.

3. If the user is unable to access the security code sent via the default mode, Click on Didn’t get a verification code, and, choose any of the convenient options.

3. After providing both the authentication factors, the user is authenticated and granted access to the staff portal.


How can the Admin enable Two-Factor Authentication (2FA)?

Two-Factor Authentication settings can be done by the admin in following way-

1. Go to Masters → Main Masters → Two-Factor Authentication.

2. Under 2FA Settings, following could be done -

  • Enable/disable the 2FA by ticking/ unticking the checkbox.

  • Select preferred Default validation mode for the users who sign in for the first time after the activation of 2FA on their accounts.

  • Select the desired Email template through which security code will be sent.

  • Enter preferred number of days for which the 2FA will remain active. Once this allotted period has expired, the user will be required to verify again either through security code or security questions.

3. Under Security questions, following can be done -

  • new security questions can be added, or,

  • the existing ones can be edited or deleted, or,

  • any of the existing questions can also be disabled by setting their status as INACTIVE.

Any of the security questions which are already in use cannot be edited. Although such questions can be deleted, it’s highly recommended not to reset any of the security questions-in-use unless avoidable.

How can a User update Two-Factor Authentication (2FA) settings?

A user can update the Two-Factor Authentication settings by following way-

1. Go to Two-Factor Authentication Settings under the top-right menu.

2. The user can do the following on this window -

  • choose any of the default authentication methods,

    • Authenticator app (SMS)

    • Email

    • Security questions

  • enter the mobile number to receive SMS for security code,

  • choose any two security questions from the drop-down and fill answers for each of them, and,

  • Save the settings.

The saved 2FA settings will be applicable for the respective user.

 

Release Notes vX5.0

 

Copyright © 2023 Entire OnHire