2-Step Authentication (2SA), also known as 2 Factor Authentication (2FA) or Multi-factor Authentication (MFA), is a security setting used to verify your login in two ways. It helps to keep your personal and company account data secure and is safer than using a password alone.
In Unleashed, every user will be required to set up 2SA for their Unleashed login, unless your Unleashed account is using Access Evo.
What is Two-Step Authentication?
Two-Step Authentication (also known as 2SA) is a type, or subset, of multi-factor authentication (also known as MFA). It is an additional level of security as it is a way of confirming users' identities by using a combination of 2 different factors:
something they know (a password)
something they have (a device), or
something they are (answers to questions only they know)
Unleashed uses a third-party authenticator app that enables two-step authentication. The authenticator app generates a code that is frequently refreshed and which only you can use in order to authenticate your login request.
Having this additional layer of security makes it significantly harder for someone to get access to your account, even if they have managed to get hold of your password.
When you set up 2SA you will be provided a secret key to an authenticator app. This secret key is unique to your Unleashed account and is passed to a Time-based One-Time Password algorithm (TOTP) that generates a unique authentication code that must match the code generated by your unique secret key within Unleashed. If the authentication codes do not match, you will need to try again. The authentication codes can be sent to your alternative email address if necessary.
What do I need to set up 2-Step Authentication?
Your Unleashed user email address and password
A device on which to install your authenticator app (your smartphone or your computer)
An alternative email address (required in cases where you may not have access to your phone or computer) - this email address cannot contain the "+" sign and must be different to your Unleashed login email address
Recommended authenticators
There are several authenticator apps available. Your company may already have a security policy stipulating an authenticator app that you must use. If so, all you need to do is add your Unleashed account to that app during the setup, and ensure your authenticator has six-digit codes.
If you have not been told which application to use, here are a few recommendations:
Google Authenticator → https://support.google.com/accounts/answer/1066447
Microsoft Authenticator → https://www.microsoft.com/en-us/account/authenticator
Chrome Authenticator → https://chrome.google.com/webstore/detail/authenticator/bhghoamapcdpbohphigoooaddinpkbai
Set up 2-Step Authentication
Initially, setting up 2SA per user can take anywhere from 2 minutes, if you are simply adding Unleashed to an existing authenticator app, to around 10 minutes for someone using an authenticator app for the first time.
To set up 2SA for your Unleashed login:
After you've been invited as a user to Unleashed and you've set up your login email address and password combination, you will be prompted to set up 2SA.
Install an Authenticator app on your phone or computer from the above recommended list or install the authenticator app instructed by your Account Owner/Administrator. You may already be using an authenticator app for another platform, in which case simply add your Unleashed account.
Open your Authenticator app and scan the QR (Quick Response) code, or click on "enter your key manually" which will reveal characters that you can use for the authenticator app instead of scanning the QR code.
After you scan the QR code or enter the key, the authenticator app will display your unique, six-digit authentication code, which is usually valid for between 30 and 60 seconds before a new code is generated.
Input the unique six-digit code (in this example, it would be 123 456).
You will now be asked to provide an alternative email address so that an authentication code can be emailed to you in the event that you cannot access your authenticator app. This cannot be the same email address as your Unleashed login email address, so a personal email address is ideal.
Click "Send Verification Code", and a confirmation message will pop up.
Verify your alternative email address by retrieving the email and supplying the code that was sent to your alternative email address (emailed authentication codes are valid for 15 minutes).
You are now set up for 2SA! Click on "Got It" to take you to Unleashed.
The next time you log in to Unleashed you will be prompted for a new authentication code. There is an option to "Remember me for 30 days" which you can check so that you only have to authenticate every 30 days. Please consider your situation carefully before enabling this option. If you need to have an authentication code emailed to your alternative email address, click on "Lost your mobile device?".
Reset 2-Step Authentication
If you lose access to your existing authentication or would like to set up authentication on a new device, your Account Owner for Unleashed can reset your 2SA, allowing you to use your new device moving forwards:
From Unleashed's main menu, the Account Owner navigates to Settings, Security and selects Users.
Along the user's row, hover over the Action Cog, and select the option to Reset 2SA.
When the user next logs in to Unleashed they will be prompted to set up 2SA with a new QR code.
If you are the Account Owner of your Unleashed account, you are also able to reset your own 2SA.
User scenarios
As per Unleashed's Terms and Conditions, a User is defined as follows:
An Invited User is a unique individual authorized by You to use the Services for Your benefit in accordance with this Agreement, including Your employees, representatives, contractors and agents and the employees, representatives, contractors and agents of Your Affiliates (if any).
Please see clauses 2.1, 3.6 and 8.2 of Unleashed’s Terms and Conditions, which reference User Licensing, access conditions and subscription levels.
Note: We will be implementing session management in the near future. This will automatically time out inactive sessions and you will be required to authenticate when you next log in.
Scenario | Action |
Single User - 1 person using 1 device | Set up your 2-step authentication. In this scenario, any of the recommended methods are a good fit and you could also use the "remember me for 30 days" option. |
Single User - 1 person using multiple devices | Where it is a legitimate multiple device situation, you will need to use the same device and/or alternate email address for authentication. In this scenario, the Google Authenticator app is the recommended method. |
Single User with access to multiple organisations | Set up your 2-step authentication once and access your other organisations within Unleashed as usual. |
One device that multiple users use for short periods | Each user sets up their 2-step authentication and must log out of Unleashed between sessions. In this scenario, any of the recommended methods are a good fit and you could also use the "remember me for 30 days" option. |
A user logs on with a generic email address | The identified "custodian" of the email address will need to set up authentication for the generic email address with an agreed alternative email address. In this scenario, any of the recommended methods are a good fit. |
A QBO Customer is using the Intuit single sign-on facility | There is currently no change to this process. |
A QBO Customer is using the Unleashed log in | Set up your 2-step authentication. In this scenario, any of the recommended methods are a good fit. |
A User has lost their device | Use the "lost device" option which emails an authentication code to the alternative email address you entered during setup. |
Frequently asked questions
What happens when I enter invalid authentication codes?
Authentication codes are generated and are only valid for a limited time to ensure security. Authenticator app codes are generally valid for between 30 and 60 seconds. Authentication codes sent to your alternative email address are valid for 15 minutes. Sometimes you may enter a code that has already expired and you will be "challenged" to provide another code.
After 3 failed attempts, you will be offered the option of having the authentication code emailed to your alternative email address.
When I input my 6 digit code I get the message "Your authentication information is incorrect. Please try again."
If you are receiving an error after inputting your 6 digit authentication code this could be related to the device's date and time. Make sure your device is set correctly by turning on the automatic time zone feature in your device settings.
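The matching of codes described earlier (secret key plus TOTP) and the clock problem described in this answer can be seen in a short sketch. This is an added example, not Unleashed's code: the secret is the RFC 6238 test key, and the 30-second step and the one-step tolerance in verify() are assumptions, since the page does not state the server's settings.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret: the RFC 6238 test key, Base32-encoded.
# It is not an Unleashed key.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP = 30  # seconds per code; assumed here, the page says 30 to 60


def totp(secret_b32, unix_time, step=STEP, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, returned as a zero-padded string."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = int(unix_time // step)            # which time step we are in
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, server_time, window=1, step=STEP):
    """Accept the current step and `window` steps either side (assumed policy)."""
    submitted = submitted.replace(" ", "").encode()
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * step, step).encode()
        ok |= hmac.compare_digest(expected, submitted)  # constant-time compare
    return ok


def skew_demo(server_time=1111111109):
    """Codes from devices whose clocks run fast, checked at server_time."""
    return {
        "in sync": verify(SECRET, totp(SECRET, server_time), server_time),
        "20 s fast": verify(SECRET, totp(SECRET, server_time + 20), server_time),
        "5 min fast": verify(SECRET, totp(SECRET, server_time + 300), server_time),
    }


if __name__ == "__main__":
    for clock, accepted in skew_demo().items():
        print(f"device clock {clock}: accepted={accepted}")
```

A device that is a few seconds off still lands in an accepted time step, while one that is minutes off computes a code for a step the server never checks, which is why correcting the device clock resolves the error.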
How long does my session last before Unleashed logs me out?
Unleashed does not log you out after being idle for any period of time, but will be introducing session management at a later date to identify idle sessions and time them out.
How long does it take for my alternative email address verification email to arrive in my inbox?
The verification email for an alternative email address should arrive almost instantaneously. In the event you have not received it within a few minutes, please check your spam and junk folder, or contact support.
How can the alternative email address be changed?
The alternative email address can only be set during your 2-Step Authentication (2SA) setup process. In order to change your alternative email address, you would need to set up your 2SA again. Your Account Owner will be able to reset 2SA for you by logging in to their Unleashed account, navigating to Settings > Security > Users, then hovering over the Action Cog in the Action column of your row, and clicking on 'Reset 2SA'.
Once the Account Owner has reset 2SA for you, the next time you attempt to log in to your Unleashed account, you will be prompted to set up your 2SA. During the setup process, you will be able to enter the alternative email address you wish to use.