Multi Factor Authentication (formerly 2FA or Two Factor Authentication) means you need an additional piece of information, such as a one-time use code, in addition to your username and password to log in. It greatly enhances the security of your account. We have followed industry best practices for MFA.
What it Does
- Secures your account by requiring the code from an authentication app or hardware key.
- Allows for recovery using offline recovery codes and/or an SMS recovery code.
- Periodically requires a new code for each browser session (default is every 30 days).
What it Doesn't Do
- Save your passwords or other credentials.
- Generate passwords. We highly recommend the use of strong passwords and/or the use of password managers like LastPass.
Enable MFA on your account
- In the upper right, click your name.
- In the dropdown menu, click Profile/Password.
- Scroll down and click the Enable Multi-factor authentication button and click OK to confirm.
- On the MFA screen, click Setup MFA and Access Your Account.
- Follow the instructions to download and install an MFA app if you don't have one already.
- Now open the MFA app (such as Google Authenticator or Authy) on your smartphone.
- Scan the QR code to add the account to your smartphone.
- In the Code field in RepairShopr, enter the Code shown in your authenticator app.
- Click Enable Multi-factor Authentication.
- You may get a screen asking you to enter a Multi-factor Code again. Check your authenticator app in case the code changed, enter the code, and click Verify.
- Great! Now it's enabled. Click Download Recovery Codes and put the codes somewhere very safe. You can access your account with these if you lose access to the Authenticator profile you just added.
- After saving the codes, click Next.
- Now you should really also set up a mobile recovery option. Enter your mobile number and click Confirm Recovery Mobile.
- Enter the code you receive on your mobile phone.
- Click Confirm.
Now you are done setting yourself up.
Enforce MFA on all accounts
If you want, you can enforce MFA for everyone in your company, but only if you are a global admin. WARNING: Once you enable it, they are immediately forced into this setup wizard, so time it when everyone is ready to set it up or you might lock people out.
- Navigate to Admin > App Center.
- Scroll down to the MFA card and click Multi-factor Authentication.
- Click the Require all users on account to setup Multi-factor Authentication checkbox.
- Click Save.
You can see which users have enabled it here too.
Change time setting to reauthorize MFA
All users under your account will be prompted to re-enter an MFA code every 30 days, on all devices and browsers, by default. You can make this more frequent as follows.
- Navigate to Admin > Employees - Preferences.
- Click the MFA Time Setting dropdown and select the desired timeframe, from 1 hour to 30 days.
- Click Save.
Once that time setting elapses for a user, they will need to enter an MFA code from their authenticator app, regardless of their activity or inactivity. Even if users leave browser tabs open with sessions running, our system checks on every web request.
If someone gets locked out, an admin on your account can "unlock" a user account by following these steps:
- Navigate to Admin > Users > Details for the tech who is locked out
- Click Change Password in the upper right
- When prompted, enter your own password to gain access to the edit page
- At the bottom of the page, click Disable Multi-factor authentication
If you repeatedly encounter an Attempt Failed error message when entering your MFA code, it's likely that one of the following is the cause:
- The wrong code was entered. Double-check that you have entered the correct code using the correct MFA Authenticator App.
- A time de-sync on the device that is running the Authenticator App is causing incorrect codes to be shown.
  a. Check the device’s time for accuracy. Even a one or two minute discrepancy can cause issues.
  b. Power the device off, then turn it back on (simply restarting doesn’t always update the time correctly).
  c. Check the device's Time Settings to ensure it's in the correct time zone.
  d. Attempt to log in once more, using the MFA codes from your Authenticator app. Since the device time is now verified to be accurate, it should work as expected and log you in.
Hardware Security Keys
A hardware security key is a physical device used as a second authentication factor to enhance security. It generates a unique code for each login attempt, which is required in addition to the user's password or biometric data. Security keys are commonly used in two-factor authentication (2FA) or multi-factor authentication (MFA) protocols, which require users to provide at least two forms of authentication to access a system or device.
Hardware Security Keys Setup Instructions
- Log into your RepairShopr account
- Access the Profile/Password page (click Profile/Password in your username menu)
- Click Hardware Security Keys at the bottom of the page
- Give the security key a unique name
  - A unique name helps you identify which key to remove in case you lose a key
- Click Register
- Your browser will present you with the rest of the setup screen. It should give you options for both hardware keys (YubiKeys, Titan Keys) as well as platform keys (Windows Hello, TouchID, FaceID)
- Click Add Security Key
- Add additional keys to reduce the likelihood of getting locked out if you lose or misplace a key
What Keys are supported?
- Any FIDO U2F key is supported (YubiKey, Google Titan Keys)
- Any hardware+OS that supports WebAuthn
Can I use more than one key?
- Yes, you can add as many keys as you want. It’s a good idea to have a backup key in case one is lost.
Can I use a key more than once?
- On different apps (like Okta or GitHub)? - Yes, you can use the same key for multiple platforms.
- On RepairShopr using different RepairShopr Accounts? - Yes, as long as it’s for a different account. You cannot use the same key twice on the same RepairShopr account. This means that users cannot share a key on the same RepairShopr Account.
Can I still use regular MFA if I enable this?
- Yes. There is a button on the Security Keys MFA login page that allows you to use your authenticator app for login instead.
Will hardware keys completely stop a bad actor from accessing my account?
- Unfortunately not. However, it is likely to slow them down and require them to find other ways to gain access.
Can hardware keys share the same nickname?
- No. Every hardware key on your account must have its own unique nickname.