What Is Two-Factor Authentication (2FA)?
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. This process is done to better protect both the user's credentials and the resources the user can access.
Two-factor authentication provides a higher level of security than authentication methods that depend on single-factor authentication (SFA), in which the user provides only one factor -- typically, a password or passcode. Two-factor authentication methods rely on a user providing a password, as well as a second factor, usually either a security token or a biometric factor, such as a fingerprint or facial scan.
What kind of 2FA is used in PeopleForce
At PeopleForce, we use two-factor authentication via Software Tokens.
This is a more advanced method that is gaining popularity.
Users need to install the app on their computer or smartphone to get the code. The software dynamically generates codes for the user for a short period of time. After successfully logging into the account, the user needs to open the application and enter the code that the application generated.
Examples of two-factor authentication software are: Google Authenticator, Authy, Microsoft Authenticator.
What are authentication factors?
Authentication factors, listed in approximate order of adoption for computing, include the following:
A knowledge factor is something the user knows, such as a password, a PIN (personal identification number) or some other type of shared secret.
A possession factor is something the user has, such as an ID card, a security token, a cellphone, a mobile device or a smartphone app, to approve authentication requests.
An inference factor, more commonly called a biometric factor, is something inherent in the user's physical self. These may be personal attributes mapped from physical characteristics, such as fingerprints authenticated through a fingerprint reader. Others commonly used inference factors include facial and voice recognition. They also include behavioral biometrics, such as keystroke dynamics, gait or speech patterns.
A location factor, usually denoted by the location from which an authentication attempt is being made, can be enforced by limiting authentication attempts to specific devices in a particular location or, more commonly, by tracking the geographic source of an authentication attempt based on the source Internet Protocol (IP) address or some other geolocation information, such as Global Positioning System (GPS) data, derived from the user's mobile phone or other device.
A time factor restricts user authentication to a specific time window in which logging on is permitted and restricts access to the system outside that window.
How to connect 2FA to PeopleForce
In order to enable two-factor authentication for your account, you need to follow a few simple steps:
Go to ''Account settings.''
2. Scroll down to the "Two-factor authentication" field and click "Enable two-factor authentication".
3. Install Google Authenticator: Android or iOS
4. In the app, select "Set up account" or the Plus (+) sign.
5. Choose "Scan barcode".
Can't scan the code?
Use the tips on the same page, which are written in the second frame to the right of the QR code.
To add the entry manually, provide the following details to the application on your phone.
How to enforce two-factor authentication (2FA) as an administrator
As an administrator, follow these steps to enhance security with 2FA:
1. Navigate to the settings.
2. Scroll down to the "Authentications" section at the bottom of the page.
3. Check the "Enforce two-factor authentication (2FA)" field.
By following these steps, you ensure a higher level of security through 2FA for your employees.
Important!
Two-factor authentication works only with standard log in, through login by username and password.
If you are connecting SSO (Single Sign-On Provider) such as Google Authentication, Microsoft Authentication, etc. then 2FA will not be available.