Managing two-factor authentication (2FA)

How to configure 2FA for employees within your Breathe account

Written by Marcus Webb
Updated over a week ago

Video: Why 2FA is important, how it works & how to set it up

This guide is for Admin and HR users.

Two-factor authentication (2FA) adds an extra layer of security to your Breathe account and employees by requiring an additional step during the login process. This usually involves a second device, such as a mobile device, to verify your identity. For background, see "Why is 2FA important?" below.

You can choose whether to enable 2FA as a requirement at the account level for all employees or specific groups.

Employees can still choose to enable 2FA in their user preferences if it's not enforced at the account level.


Enforcing 2FA at the account level

To make 2FA mandatory for select employees, follow these steps as the Admin user:

Navigate to: Configure > Settings > Security > Two-Factor Authentication.

By default, all users are set to 'off' for 2FA, but you can select which permission types should have 2FA enabled.

You can enable 2FA for HR users, Line managers, or Finance users individually. However, to include employees or team members, 'everyone' must be switched on.

When enabling 2FA at the account level, a confirmation message is displayed which must be actioned before the change is applied.


Controlling 2FA at user level

If 2FA isn't enforced at the account level, employees can opt to enable it themselves.

This can be done by navigating to your profile > User preferences > Enable the 2FA toggle.

If the 'Enable 2FA' option is greyed out and set to 'On', it's because 2FA has been made mandatory at the account level.


How does an employee set up 2FA?

An employee can set up 2FA by following the setup instructions provided below:


Resetting 2FA for a user

If you need to reset 2FA for a single user, go to their profile > User access tab > click the Reset button.


Disabling 2FA

Disabling 2FA in settings after user setup will remove the mandatory requirement for this additional layer of security.

2FA will remain on for all users and they can manage their individual 2FA settings from the user preferences tab within their Breathe profile.

You cannot disable 2FA on behalf of an employee within their user preferences.


Why is 2FA important?

Two-factor authentication (2FA) greatly improves account security by asking for a second type of verification besides just a password.

This method reduces the inherent risks in using only passwords, which can be vulnerable to various cyber-attacks such as phishing, brute force, or even data breaches where passwords may have been exposed.

With 2FA, even if an attacker gets your password, the extra layer of security helps stop unauthorised access, as the attacker would also need access to the second factor - usually a mobile device or security key. This added layer works as a vital barrier, making it much harder for cybercriminals to break into accounts, thus protecting sensitive data and personal information stored in cloud-based software.

Setting up 2FA is a simple yet effective step towards creating a more secure digital environment for your company and employees.


FAQs

Q: An employee has a new device – how do they log in?

A: An HR user can reset their 2FA via the user access tab on their Breathe profile. The employee will then be prompted to set it up again on their new device.

Q: What if an employee cannot download an authenticator on their mobile device?

A: They can download an authenticator to their PC or browser via an extension. Here are some examples:

