🛠️ How to set-up two-factor authentication (2FA)
How Firmcheck uses two-factor authentication to boost the security of your account.
What is two-factor authentication?
2FA provides an additional level of security to your Firmcheck account by using a one-time password from your chosen authentication app, likely on your mobile. It is designed to ensure that you're the only person who can access your account, even if someone else knows your password.
How it works
When 2FA is enabled, you will use both your password and a one-time code provided by your chosen authenticator app to access your account.
Authenticator apps are downloadable from your mobile device’s app store - common ones are provided by Google, authy and 1Password.
While you may have chosen a strong password, this is only one layer of security to protect your account. Enabling 2FA, provides an additional layer of security on your account and your client information that is stored in Firmcheck.
Do I need 2FA?
2FA is currently voluntary at a firm and individual level. Although we strongly recommend you enable it to ensure your data is further protected.
How to enable 2FA
Navigate to your account dashboard.
Click the drop-down at the top right of the screen and click User Settings.
Under Two-Factor Authentication, click "Enable Two-Factor Authentication."
A pop-up window will open that displays a QR code.
Open your chosen authenticator app and follow the prompts — it will usually ask you to scan the QR code on the screen.
Your authenticator app will display a code; enter that into the verification code area in Firmcheck.
Then click Verify and Enable.
You've now enabled 2FA on your account.
When you log out and log back in, Firmcheck will ask for your email and password. Then in a second screen, it will ask you to enter your 2FA code.
To disable, go back to your user settings area, click disable and confirm your selection.
Frequently asked questions
How do I monitor which staff have 2FA enabled?
If you have administration access, navigate to the staff area. Next to staff names, for those who have 2FA enabled, will be a tag that shows ‘2FA’ against their name.
Can I enforce 2FA for all staff?
Not currently, you can monitor who has it enabled from the staff screen.
What if a staff member loses their ability to use their authenticator app and cannot access their account?
As an administrator, navigate to that staff member’s account in Firmcheck by clicking the three dots next to their name in the staff area. At the bottom of the screen, click ‘Disable 2FA’. This will then allow the staff member to reset their 2FA.