Skip to main content
All CollectionsSecurity
Two-Factor Authentication
Two-Factor Authentication

Making your account more secure than ever before.

Rob Fearn avatar
Written by Rob Fearn
Updated over 5 months ago

As part of our ongoing effort to protect not only your own data, but that of your participants, we’re making Two-Factor Authentication (2FA) available across user accounts on Let’s Do This.

2FA is an authentication method in which a user is required to use two authentication factors before being granted access to an application.

💡 An authentication factor is an authentication property, e.g. a knowledge factor (something you know, like a password or security question), a possession factor (something you have, like an enrolled device), or an inherence factor (something you are, like your fingerprint).

💡 An authenticator is something a user owns or controls and uses to authenticate their identity e.g. biometrics, username/password.

Why?

A recent study by Persona found that 81% of security breaches are caused by stolen or weak passwords.

We’re adding this for a number of reasons:

  • With increasing cyber threats, 2FA provides an extra line of defence, making your account more resilient to unwanted access attempts.

  • 2FA significantly decreases the probability of online identity theft, phishing, and online fraud.

  • Data security is maintained, even when passwords are compromised. Knowing that your account has an extra layer of protection provides a higher level of assurance about the safety of your sensitive information.


v1 Feature Summary

2FA is now available to turn on in your User Profile settings. The type of 2FA we've enabled is Time-based One Time Password (TOTP). Basic functionality and user flows that have been released are:

Users will be able to find a '2 step verification" section on their profile page on the dashboard.

Ability to log in to EO/Partner dashboard using 2FA:

  1. User enters their username/password

  2. Next screen asks to enter verification code

  3. User enters verification code and gains access to dashboard

Ability to enrol a second factor (TOTP):

  1. User navigates to the Two Step Verification section on their profile

  2. Scan QR code using authenticator app on phone

  3. Enter verification code from authenticator app

  4. Verify

Ability to remove a second factor

  1. User navigates to the Two Step Verification section on their profile

  2. User confirms remove

  3. Complete.


v2 Feature Summary

As part of a v2 released, we are considering the following

  • Ability for admins to remove a second factor on behalf of a user

  • Ability for admins to choose whether or not to make 2FA compulsory for their entire organisation.


Feedback

Once live, feedback will be collected through initial discovery interviews with partner organisers. This feedback will be prioritised by our product team and used to inform the v2 2FA release.


FAQs

Can I enable 2FA when logging in with Facebook/Google/Apple?

No, 2FA can only be enabled for generic email login accounts.

If 2FA is enabled, do users need to authenticate every time they login to the dashboard or on a once-daily basis?

Users who have 2FA enabled will need to authenticate every time they log in.

If 2FA is enabled, do users always need their device with them (with auth app installed) to login to the dashboard?

This depends on the auth app in use - if the user is using an app like Google Authenticator, then yes they will need their phone with them. Apps such as 1Password support 2FA codes, and also sync across different devicess (including laptops/desktops), which means they can be used without a phone as well.

Did this answer your question?