Two-Factor Authentication, or “2FA” for short, helps secure your login from being compromised by adding an extra layer of security to the login process. Even if someone managed to discover your password, the odds that they also have access to your cell phone are slim and, with 2FA enabled in your profile, they still won’t be able to login as you.
NOTE: 2FA must be enabled in your profile to work at all. If not enabled, which is the default, you will login using the usual email and password combination.
How to Enable 2FA in your Profile
- Go to your user profile by clicking your name at the top-right and clicking “Edit My Profile“
- At the top of your profile, click the toggle switch to “Enable Two-Factor Authentication
How 2FA Works
Once enabled in your profile, logging in from a machine that hasn’t logged-in before, SecureDB will ask you to enter the “One Time Passcode.” That passcode will be sent to your mobile phone number, entered in your profile via SMS (if you’ve entered it).
You also have the option for the One Time Passcode to be sent to the email address set in your profile. Just click the button that says “Email me the code.”
Enter the One Time Passcode in the input field and click “Login.”
Once logged-in, SecureDB will remember the device and treat it as safe for 30 days.
Who has 2FA Enabled?
From the Users table (if you have access to that), you’ll see a little “shield” font icon next to the role of each user who has 2FA enabled in their profile. It is recommended that users with a role that has a lot of sensitive permissions, have 2FA enabled in their profile for security reasons.
What about Single Sign-On (SSO)?
If you’re using SSO to access SecureDB, Two-Factor Authentication is not used. That authentication would be managed by the SSO provider of your choice, Google or Microsoft.
