Multi Factor Authentication (formerly 2FA or Two Factor Authentication) is where you need an additional bit of information like a one-time use code in addition to your username and password to login. It greatly enhances the security of your account. We have followed industry best MFA practices.
What it Does
- Secures your account by requiring the code from an authentication app.
- Allows for recovery using offline recovery codes and/or an SMS recovery code.
- Periodically requires a new code for each browser session (default is every 30 days).
What it Doesn't Do
- Save your passwords or other credentials.
- Generate passwords. We highly recommend the use of strong passwords and/or the use of password managers like LastPass.
Table of Contents
Enable MFA on your account
- In the upper right, click your name.
- In the dropdown menu, click Profile/Password.
- Scroll down and click the Enable Multi-factor authentication button and click OK to confirm.
- On the MFA screen, click Setup MFA and Access Your Account.
- Follow the instructions to download and install an MFA app if you don't have one already.
- Now open the MFA app (such as Google Authenticator or Authy) on your smartphone.
- Scan the QR code to add the account to your smartphone.
- In the Code field in RepairShopr, enter the Code shown in your authenticator app.
- Click Enable Multi-factor Authentication.
- You may get a screen asking you to enter a Multi-factor Code again. Check your authenticator app in case the code changed, enter the code, and click Verify.
- Great! Now it's enabled. Now click Download Recovery Codes to do that and put them somewhere very safe. You cannot access your account with these if you lose access to that Authenticator Profile you just added.
- After saving the codes, click Next.
- Now you should really also setup a mobile recovery option. Enter your mobile number and click Confirm Recovery Mobile.
- Enter the code you receive on your mobile phone.
- Click Confirm.
Now you are done setting yourself up.
Enforce MFA on all accounts
If you want, you can enforce MFA for everyone in your company, but only if you are a global admin. WARNING: Once you enable it, they are immediately forced into this setup wizard, so time it when everyone is ready to set it up or you might lock people out.
- Navigate to Admin > App Center.
- Scroll down to the MFA card and click Multi-factor Authentication.
- Click the Require all users on account to setup Multi-factor Authentication checkbox.
- Click Save.
You can see which users have enabled it here too.
Change time setting to reauthorize MFA
All users under your account will be prompted to re-enter an MFA code every 30 days, on all devices and browsers, by default. You can make this more frequent as follows.
- Navigate to Admin > Employees - Preferences.
- Click the MFA Time Setting dropdown and select the desired timeframe, from 1 hour to 30 days.
- Click Save.
Once that time setting elapses for a user, they will need to enter an MFA code from their authenticator app, regardless of their activity or inactivity. Even if users leave browser tabs open with sessions running, our system checks on every web request.
If someone gets locked out, an admin on your account can "unlock" a user account by following these steps:
- Navigate to Admin > Users > Details for the tech who is locked out
- Click Change Password in the upper right
- When prompted, enter your own password to gain access to the edit page
- At the bottom of the page, click Disable Multi-factor authentication