Skip to main content
All CollectionsHRCompany section
Managing two-factor authentication (2FA)
Managing two-factor authentication (2FA)

How to configure 2FA for employees within your Breathe account

Russell avatar
Written by Russell
Updated over a month ago

Video: Why 2FA is important, how it works & how to set it up

This guide is for Admin and HR users.

Two-factor authentication (2FA) adds an extra layer of security to your Breathe account and employees by requiring an additional step during the login process. This usually involves a second device, such as a mobile device to verify your identity. Why is 2FA important?

You can choose whether to enable 2FA as a requirement at the account level for all employees or specific groups.

Employees can still choose to enable 2FA in their user preferences if it's not enforced at the account level.


Enforcing 2FA at the account level

To make 2FA mandatory for select employees, follow these steps as the Admin user:

Navigate to: Configure > Settings > Security > Two-Factor Authentication.

By default, all users are set to 'off' for 2FA, but you can select which permission types should have 2FA enabled.
​

You can enable 2FA for HR users, Line managers, or Finance users individually. However, to include employees or team members, 'everyone' must be switched on.

Employees can still choose to enable 2FA in their user preferences if it's not enforced at the account level.

When enabling 2FA at the account level, a confirmation message is displayed which must be actioned before the change is applied.


Controlling 2FA at user level

If 2FA isn't enforced at the account level, employees can opt to enable it themselves.

This can be done by navigating to your profile > User preferences > Enable the 2FA toggle.

If the 'Enable 2FA' option is greyed out and set to 'On', it's because 2FA has been made mandatory at the account level.


How does an employee set up 2FA?

An employee can set up 2FA by following the setup instructions provided below:


Resetting 2FA for a user

If you need to reset 2FA for a single user, go to their profile > User access tab > Click the Reset button.


Disabling 2FA

Disabling 2FA in settings after user setup will remove the mandatory requirement for this additional layer of security.

2FA will remain on for all users and they can manage their individual 2FA settings from the user preferences tab within their Breathe profile.

You cannot disable 2FA on behalf of an employee within their user preferences.


Reporting on 2FA

To view the 2FA status of your employees at a glance head to your reports area...

Reports > HR Reports > Two Factor Authentication (2FA)

Here you will see a list of your employees and their 2FA status


Why is 2FA important?

Two-factor authentication (2FA) greatly improves account security by asking for a second type of verification besides just a password.

This method reduces the inherent risks in using only passwords, which can be vulnerable to various cyber-attacks such as phishing, brute force, or even data breaches where passwords may have been exposed.

With 2FA, even if an attacker gets your password, the extra layer of security helps stop unauthorised access, as the attacker would also need access to the second factor - usually a mobile device or security key. This added layer works as a vital barrier, making it much harder for cybercriminals to break into accounts, thus protecting sensitive data and personal information stored in cloud-based software.

Setting up 2FA is a simple yet effective step towards creating a more secure digital environment for your company and employees.


FAQs

Q: An employee has a new device – how do they log in?

A: An HR user can reset their 2FA via the user access tab on their Breathe profile. The employee will then be prompted to set it up again on their new device.

Q: What if an employee cannot download an authenticator on their mobile device?

A: They can download an authenticator to their PC or browser via an extension. Here are some examples:


We're here to help

Any further questions? Simply drop us a message using the messaging feature at the bottom right of your screen πŸ’¬

Did this answer your question?