What is Two-Factor Authentication (2FA) and how do I turn it on?
Two-factor authentication (2FA) is a method of establishing access to Neoserra that requires the user to provide two different types of information.
A factor simply means "some information" that will convince the online service that you are who you say you are, so that Neoserra can determine whether or not you have the rights to access the system. One piece of information is, of course, the combination of username and password. With two-factor authentication, you'll need to provide your username and password, and you will also need to prove your identity some other way. This other way is done via your smartphone. After entering a username and password to access Neoserra, the user is sent a numeric code as a text message to a phone number or, if no mobile number is provided, to the email address that was provided when setting up the account. The numeric code is the second piece of "information" necessary to gain access to Neoserra and will need to be entered in the interface provided.
Note: It is important that the mobile phone number and/or email address in the user account record are accurate. Invalid phone numbers and/or email addresses may prevent the user from being able to receive the authorization code.
Users will not need the second piece of information each and every time they log in. They will need to authenticate with a new code:
- When they log in for the first time after 2FA has been enabled.
- Any time they delete their cookies.
- Any time they log in from a different browser and/or a different device.
- Every 90 days, when the cookie is set to expire.
Neoserra will support email delivery of codes through 2021; however, this method is less secure than SMS. Starting in January 2022, the only option to receive the code will be via SMS. Between now and January 2022, it is important to capture mobile phone numbers for all of your active users. Active users can add their own mobile phone numbers under their Personal Preferences.
How to enable 2FA?
As a Neoserra administrator, in administrator-mode, you can turn on 2FA by selecting the Administration|Configuration menu option and then clicking on the "General" panel. Edit the general settings page, and you will see the "Account Policy" section:
Check the box titled: "Require two-factor authentication?" and all users will be required to provide a code the next time they log in. Turning this feature on will not disturb users currently logged in.
As passwords have become less and less secure, whether through data breaches or poor user practices, Neoserra will start to require 2FA as of January 1, 2021. Until then, you can turn this feature on or off based upon your own internal security policies.
How does it work?
Once 2FA has been enabled, a user will go to the login page as normal and enter their username and password:
The user will then click the "Sign-in" button to get to the next screen:
The authentication code will be sent to the mobile phone number on file for the user. If no mobile phone number has been entered, then the code will be emailed to the user. If, for whatever reason, the user does not receive the code, they may ask to have it resent either via SMS or via email. The code will expire one hour after it has been generated. If you have not logged in within that time frame, you will need to request a new code.
Assuming that the correct code has been entered, then, upon clicking "Save," the user will be logged into Neoserra.
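The server-side checks that the rules above imply (one-hour code expiry, and a browser cookie that spares the user a new code for 90 days) can be sketched as follows. This is an added example, not Neoserra's own code: the function names, the six-digit code length, the five-guess limit and the signed cookie format are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 60 * 60               # page: code expires one hour after generation
COOKIE_TTL = 90 * 24 * 60 * 60   # page: remembered-browser cookie lasts 90 days
MAX_ATTEMPTS = 5                 # assumption: guess limit per issued code
SERVER_KEY = secrets.token_bytes(32)  # assumption: server-side signing key

def _sha(text):
    return hashlib.sha256(text.encode()).hexdigest()

def issue_code(store, user, now):
    """Create a numeric code; only its hash, expiry and attempt count are stored."""
    code = f"{secrets.randbelow(10**6):06d}"  # assumption: six digits
    store[user] = [_sha(code), now + CODE_TTL, MAX_ATTEMPTS]
    return code  # handed to the SMS or email sender

def verify_code(store, user, submitted, now):
    entry = store.get(user)
    if entry is None:
        return False
    digest, expires, attempts_left = entry
    if now >= expires or attempts_left <= 0:
        del store[user]  # expired or exhausted: a new code must be requested
        return False
    if hmac.compare_digest(digest, _sha(submitted)):
        del store[user]  # single use
        return True
    entry[2] -= 1
    return False

def make_device_cookie(user, now):
    """Signed 'user|expiry|tag' value set in the browser after a successful code."""
    body = f"{user}|{int(now) + COOKIE_TTL}"
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{tag}"

def needs_second_factor(cookie, user, now):
    """True if the cookie is missing, forged, for another user, or expired."""
    try:
        c_user, c_exp, tag = (cookie or "").rsplit("|", 2)
        expires = int(c_exp)
    except ValueError:
        return True
    good = hmac.new(SERVER_KEY, f"{c_user}|{c_exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), good.encode()):
        return True
    return c_user != user or now >= expires
```

A deleted cookie or a different browser or device arrives with no cookie at all, which is why those cases from the list above fall through to the code prompt.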
What about password reset?
Users can click on the "Forgot password?" link on the Neoserra login page if they have forgotten their password. They will need to enter their username or email address on file, enter the CAPTCHA shown on the screen and click "Submit":
Next, they will be sent an email providing them with a link to reset their Neoserra password:
A minimum password length of 10 characters will be enforced and password complexity will require the use of characters, digits and special characters. Upon entering the password correctly twice, the user will be logged into Neoserra with their new password. They will not be required to do 2FA during this password reset login process. However, the next time they log in, the user will be required to provide a second credential to be authenticated.