Two Factor Authentication
You can enable Two Factor Authentication on your account. We strongly advise you to enable this function and before doing so, please read through this whole article so you understand exactly how it works. This enables you to actively be more secure when logging into your account, changing personal details and downloading sensitive data. An extra step will be added when logging in, so instead of only entering in your login credentials, you will be prompted to enter a code, which you will receive via SMS message. This is a unique code every time you log in.
Two-factor authentication provides many business benefits, including improved security. By requiring a second form of identification, SMS-2FA decreases the probability that an attacker can impersonate a user and gain access to your computer, account, or other sensitive resources.
To enable this on your account go to Admin> Login Users> Security Questions. If you have multiple users on your account this will work on a Per User basis so this will need to be enabled separately for each individual user. Only the relevant user has access to their Security measures via the Security questions button.
Underneath the security questions settings you will see SMS settings under heading Update mobile number, simply:
- Enter the phone number to which you want to receive the authentication code each time you log in.
- Tick the "Enable Two Factor Authentication" tick box.
- Ensure you have the correct rate code for SMS, either UK or overseas.
- Click save.
You are now enabled for Two Factor Authentication.
The next time you are logged out and need to log back in, the Two Factor will be in place.
Once you have entered your login credentials this will show:
Enter your unique code that is sent to your mobile device and submit.
If Two Factor Authentication is enabled on your account this is where you will be prompted to enter an SMS code:
- When logging into your account.
- When changing any personal details in Admin> General details. i.e email, telephone number and address.
- When downloading your database in Admin> Maintenance> Download Database.
Currently per user there is a limit of 4 SMS login codes that can be sent per hour. Once this limit has been exceeded you will need to wait 60 minutes before logging into your account again. This is to comply with security regulations. (This limit does not include codes sent to you for downloading your database or changing personal details, only for logging in.)
Receiving your SMS
Your unique code being sent to your mobile device is reliant on telephone signal. You cannot receive the code without this.
We highly recommend that you follow the steps below, especially if you live in rural area and sometimes struggle with SMS signal. There is a function for you to download back-up codes, this will allow you to still log in to your account if you do not receive the code via SMS.
Once you have enabled Two Factor, you will see the link appear below:
Click on this link and it will open up a pop-up. You will be prompted to enter in the password, this is the password you use to log in to Supercontrol. Enter the password ad click validate.
This will then allow you to a) View your backup codes b) Download your backup codes.
There will be 16 backup codes and each can only be used once.
Downloading your backup codes will produce a text file that you can keep somewhere safe. If you print these codes please put them in a safe or a locked drawer.
You can also reset your backup codes by simply going back to the backup codes modal and click the reset button shown below.
Reasons you would re-set your backup codes for the following reasons:
- If you have lost your codes
- If your codes have been compromised
- If you have used them all previously and need to download new ones.
As backup codes that you use, we will remove them from the list.
Now when you log in, if you do not receive the SMS then you can use your backup code by clicking on the new link that has appeared since you downloaded your codes as shown below.
You can then enter your backup code and Submit to log in, or link back to the SMS code page.
Please note: when entering a backup code the *Remember this device for 30 days* will be disabled as you cannot remember a device when using a backup code.
Ticking this option means we will remember the device and the browser you are using and we will not ask you to validate via SMS for another 30 days. As long as nothing changes with your device / browser and our cookies remain.
Please note that we will prompt you to re-validate before the 30 days if you clear your cookies/cached data on your browser and device.