All companies are variously looking at security measures mainly prompted by GDPR here in Europe but also for ISO certification among others. 2-Step is regularly also referred to as 2-Step Authentication or MFA (multi factor authentication) among others. There are multiple approaches to account security, you probably have experience of some versions through backup email addresses, texting or SMS security codes, security questions etc. AutoEntry also has the option of using 2-Step authentication if you require it.
AutoEntry uses a combination of security measures (as most do) for our 2-step verification. It is optional and can be set per user. We use a combination of email, verification codes via SMS text message and security questions.
*** Note *** We have 3 codes that are used during this process:
- Recovery Code - Provided to the user when 2-step is turned on. To be kept safe by them. Can be reset by the user but cannot be retrieved by Ocrex.
- Reset Code - SMS code sent when/if resetting password (forgot password)
- Verification Code - SMS code sent to verify account after a password reset.
The main flow is as follows:
- Go to user profile
- Add answers to security questions
- Turn on 2-step under the separate 2-step tab. Account password required to confirm.
- A verification code is sent to the designated mobile/cell phone which is to be entered to verify the account.
- A recovery code is produced in AutoEntry for the user to keep safe.
- When the security questions have been answered they disappear from the account. If someone was to log in using the users' account (billing or standard user), the answers are not visible but… they can be changed. Keep your account log-in details private. If several colleagues share a login, we strongly recommend separate accounts. There is no charge for adding users in AutoEntry.
- Under the 2-step tab, 2-step can be turned on and off if required. A new Recovery code can be generated at any time if required by the user there also.
- If 2-step is activated and turned on, turning it off in the future will still require a reset code if a password is forgotten - Sent by e-mail instead of SMS text.
If all steps fail (username and password, forgot password, no SMS codes - e.g. lost phone), you must contact AutoEntry support. Security questions are confirmed and a mail is then sent to the user to re-activate their account.
Quick Step by Step processes:
Basic Flow –
- Turn on the feature in user profile
- Enter current password for confirmation
- Answer 4 security questions for use in accessing account if all else fails
- AutoEntry provides a recovery code to keep safe for access
On Log in to AutoEntry –
- If the wrong password is entered - click forgot password - email sent and reset SMS code sent separately to phone
- New Password entered and reset SMS code
- Incorrect SMS code or no access to phone/cell? - 'No code' option is available
- No SMS code (lost phone) - click ‘no code’ - New page starts to enter Recovery Code
- No Recovery Code? Contact AutoEntry Support direct. Phone support only. Security answers will be confirmed and unlock email will be sent to users email address.
Main Log-In Forgot Password process –
No 2- Step Active:
- Click Forgot Password
- Follow the link in the email
- Set up a new Password and confirm
- Click forgot password and follow the link in mail
- Enter a new password and confirm
- Next screen, enter SMS code (Auto sent)
- ‘I don’t have code’ option available to enter Recovery code
- Set up a new password and confirm
If 2-step was previously active but no longer:
- Same as if 2-step was active but SMS reset password code sent by separate email instead.