All companies are variously looking at security measures mainly prompted by GDPR here in Europe but also for ISO certification among others. 2-Step is regularly also referred to as 2-Step Authentication, 2FA (2 factor authentication) or MFA (multi factor authentication) among others. There are multiple approaches to account security, you probably have experience of some versions through backup email addresses, texting or SMS security codes, security questions etc. AutoEntry also has the option of using 2-Step authentication if you require it.
AutoEntry uses a combination of security measures (as most do) for our 2-step verification. It is optional and can be set per user. We use a combination of email, verification codes via SMS text message and security questions.
We have 3 codes that are used during this process:
Recovery Code - Provided to the user when 2FA is switched on. This is to be kept safe by them. It can be reset by the user but cannot be retrieved by AutoEntry.
Reset Code - SMS code sent when/if resetting password (forgot password)
Verification Code - SMS code sent to verify account after a password reset.
The main procedure for this is as follows:
Go to User Profile.
Add answers to the security questions.
Turn on 2-step under the separate 2-step tab. Your account password is required to confirm.
A verification code is sent to the designated mobile phone which needs to be entered to verify the account.
A recovery code is produced in AutoEntry for the user to keep safe.
When the security questions have been answered, they disappear from the account. If someone was to log in using the users' account (billing or standard user), the answers are not visible but… they can be changed. Keep your account log-in details private. If several colleagues share a login, we strongly recommend separate accounts. There is no charge for adding users in AutoEntry.
Under the 2-step tab, 2-step can be turned on and off if required. A new Recovery code can be generated at any time if required by the user there also.
If 2-step is activated and turned on, turning it off in the future will still require a reset code if a password is forgotten - Sent by e-mail instead of SMS text.
If all steps fail (username and password, forgot password, no SMS codes - e.g. lost phone), you must contact AutoEntry support. Security questions are confirmed and a mail is then sent to the user to re-activate their account.
Quick Step by Step Processes
Turn on the feature in User Profile.
Enter current password for confirmation.
Answer 4 security questions for use in accessing account if all else fails.
AutoEntry provides a recovery code to keep safe for access.
After Logging into AutoEntry:
If the wrong password is entered, click forgot password and an is email sent and reset SMS code sent separately to phone.
New password entered and reset SMS code.
Incorrect SMS code or no access to phone? - 'No code' option is available.
No SMS code (lost phone). Click ‘no code’, and a new page starts to enter Recovery Code.
No Recovery Code? Contact AutoEntry Support directly. Phone support only. Security answers will be confirmed and unlock email will be sent to users email address.
Main Login Forgot Password Process
No 2- Step Authentication Active:
Click Forgot Password
Follow the link in the email
Set up a new Password and confirm
2-Step Authentication Active:
Click Forgot Password and follow the link in the email
Enter a new password and confirm
Next screen, enter SMS code (automatically sent)
If you do not receive the text for any reason (old phone number / lost phone / incorrect phone details entered) click ‘I don’t have code’ option available to enter Recovery Code
Set up a new password and confirm
If 2-Step Authentication was previously active but no longer:
Same as if 2-step was active but SMS reset password code sent by separate email instead.