2FA
  • 05 Sep 2024

Article summary

If you sign in with a password rather than a secure passkey, please enable 2FA to protect your account.

Enhance Your Security with Two-Factor Authentication (2FA)

In today's digital age, securing your online accounts is more critical than ever. One of the most effective ways to protect your accounts from unauthorized access is by enabling Two-Factor Authentication (2FA). 2FA adds an extra layer of security, making it significantly harder for cybercriminals to gain access, even if they have your password.

What is Two-Factor Authentication (2FA)?

Two-Factor Authentication is a security process that requires two different forms of identification before granting access to an account. Typically, this involves something you know (your password) and something you have (a secondary form of verification). This dual verification process ensures that even if your password is compromised, an attacker would still need the second factor to access your account.

Option 1: Visma Authenticator App with Push Notifications

The recommended 2FA method is push notifications, which use mobile notifications to enhance security. Unlike other 2FA methods, it doesn't require you to manually input any code; instead, the system sends a push notification to your mobile device, prompting you to Approve or Deny access.

Option 2: Authenticator Apps with Time-Based One-Time Passwords (TOTP)

Another popular method for 2FA is using an authenticator app that generates Time-Based One-Time Passwords (TOTP), which are 6-digit numeric codes. Apps like Visma Authenticator, Google Authenticator and Microsoft Authenticator are popular choices for this method. Here's how it works:

Set Up the Authenticator App: After installing the app on your smartphone, link it to your account by scanning a QR code.

Generate TOTP Codes: The app will generate a unique, temporary code every 30 seconds.

Enter the Code: When logging in, after entering your password, you'll be prompted to enter the current code from the authenticator app.

This method is highly secure because the code changes frequently and is only accessible on your registered device. Even if an attacker knows your password, they won't be able to log in without the code from your authenticator app.

Option 3: SMS-Based 2FA

Another common form of 2FA is SMS-based authentication. In this method, a verification code is sent to your mobile phone via SMS each time you log in.

Here’s how it works:

Enter Your Password: Start by entering your password as usual.

Receive an SMS Code: A unique 6-digit code is sent to your registered mobile number.

Enter the Code: Input this code into the login prompt to gain access.

While SMS-based 2FA is convenient and easy to set up, it is generally considered less secure than authenticator apps. The primary risk is SIM swapping, where an attacker tricks your mobile carrier into transferring your phone number to a new SIM card. Once they have control of your number, they can receive your 2FA codes and potentially access your accounts.

Option 4: Security Keys

Security keys are physical devices used to authenticate during the login process. These keys leverage public-key cryptography to verify your user account. Commonly, security keys are USB devices.

Here’s how it works:

Enter Your Password: Start by entering your password as usual.

Tap Key: You will be prompted to insert your security key and tap its sensor to verify the signature of the key.

2FA security keys offer strong protection against phishing and keylogging, simplifying authentication. Yet, their initial cost and device dependency can hinder adoption, requiring users to carry physical keys and maintain backups. While they boast broad compatibility, user education and trust remain obstacles to widespread acceptance.

Enhancing Your 2FA Experience: Remembering Devices for 30 Days

Two-Factor Authentication (2FA) significantly boosts your account security by requiring a second form of verification. While 2FA is essential for protecting your accounts, the need to enter a verification code each time you log in can sometimes be inconvenient. To balance security with user convenience, we offer a "Remember this device for 30 days" option. This feature allows you to bypass this requirement on trusted devices for 30 days. Once you’ve verified a device, you won’t need to enter a 2FA code on that device for the next 30 days, making frequent logins more convenient. After this period, or if you clear your browser cookies or use a different browser, you will be prompted to re-enter your 2FA code.

One-Time Emergency Code

We provide a one-time emergency code as a backup method for 2FA. This code can be used if you lose access to all your 2FA methods, such as your phone or authenticator app. When setting up 2FA, you'll often receive a one-time emergency code that you should store securely. This code is single-use and can help you regain access to your account in emergency situations. It’s crucial to keep the code in a safe place, such as a password manager or a secure physical location, to ensure you can always access your account when needed.

Choosing the Right 2FA Method

While both authenticator apps and SMS-based 2FA significantly enhance your account security compared to using a password alone, using an authenticator app is generally the better choice.

Authenticator apps offer a higher level of security because the codes are generated locally on your device and are not transmitted over potentially vulnerable channels like SMS.

Conclusion

Enabling 2FA is a crucial step in protecting your online accounts. Whether you choose an authenticator app with TOTP or SMS-based 2FA, adding this extra layer of security will help safeguard your personal information from unauthorized access. For the highest level of security, opt for an authenticator app.

