What is Two Factor Authentication?
Two Factor Authentication, abbreviated to 2FA or sometimes known as Two-Step Verification, is a well known security feature used to reduce the risk of a unauthorised person from gaining access to your Akkroo dashboard account.
There are many reasons to guard your data carefully from malicious people, so we would always recommend you turn on 2FA where possible.
Typically you might be familiar with two factor authentication if you use online banking. If your bank supplied you with a device that generates a code, required in addition to your password, that's an example of two factor authentication.
How to enable 2FA on your Akkroo Dashboard account
2FA is an "add on" feature; please contact your Account Manager if you wish to use it. Once 2FA has been enabled:
In order to make use of the security benefits of 2FA on your Akkroo account, in addition to knowing your normal email address and password, you will also need to install an Authenticator App on a mobile or tablet you personally own and use (not a shared device). There are many options, but the most well known are:
- Google Authenticator - Android | iOS (free)
- Authy - Android | iOS | Mac | PC (free)
- 1Password - Android | iOS | Mac | PC
Once you have downloaded and installed the application to your device, follow the instructions inside the Akkroo dashboard in the Security > 2FA section to turn on two factor authentication.
Why turning on 2FA is more secure than not turning on 2FA
The best way to explain the security benefit is break down the phrase "Two Factor Authentication" into parts.
"Two Factor" refers to requiring you (the user) to use of two independent, different methods to successfully verify you are who you say you are and log-in to your account.
Our Two Factors
The first factor is your email and password combination, as you normally would use. The second factor in Akkroo's case is an additional, time-sensitive security code generated by a special app you download to your own mobile device. You are required to enter this code generated by the app to access your account, once your email and password has been accepted.
Individually, either of these two "factors" are good account protection, however when you set your account to require both factors in order to login, then you greatly reduce the chance of someone getting through both layers. This is widely accepted in security circles as a good method for securing online accounts.
A second factor can be any number of different types of authentication, but crucially the two factors should have different characteristics. For example, 2FA generally doesn't use two factors that each rely on a plain password, because unless you store them both very separately, there is a good chance both could be guessed.
For our second factor, we use a system called TOTP (Time-based One Time Password). All that means in the real world is that you have an app, we link to your account, that generates a new 6-digit code every 30 seconds.
Effective Two Factor Authentication
The most effective system is created when the two factors come from different factor categories (listed below) because each has different secure characteristics:
- Something the user knows (e.g., a password, pass phrase, security question)
- Something the user has (e.g. wrist band, ID card, TOTP security code, cell phone with built-in hardware token, software token, or cell phone holding a software token)
- Something the user is or does (e.g. fingerprint, eye, signature, face, voice).
Our choice of factors was made on the basis that username/password is a very well known and widely accepted factor, and that TOTP security codes are easily generated by anyone with smart phone. It also requires the individual to be in possession of the phone, and cannot be guessed as easily as the password. These two methods combined create a secure account.
How 2FA works inside the Akkroo Dashboard
When you login using your email and password you will then be asked to enter a security code generated by the Authenticator App on your mobile device.
What are the requirements for 2FA and an Akkroo account?
You will need to have a smart phone or device on which you can install as an Authenticator App. A list of apps can be found above.
If your account owner (or you as account owner) enforce 2FA, all dashboard users on the account will be required to setup 2FA before they can next login. This could be a problem if any member of your team does not have access to a smart phone or other device on which they can install an Authenticator App.
What happens if I lose the device containing the Authenticator App I use for 2FA?
When you setup 2FA on your Akkroo dashboard, we supply you with a set of single-use Emergency Recovery Codes that can be used to gain access to your account instead of using a security code from the Authenticator App.
If you lose the Emergency Recovery Codes and the Authenticator App you will not be able to gain access to your account.
You will need to contact the Account Owner of your account. or if you are the Account Owner, you will need to contact our customer success team.