The security of your financial data is essential to us. One of the easiest and most effective ways you can protect your account is to use Two-Factor Authentication (2FA).
Why do I need 2FA?
No matter how security conscious you are, it is easier than you would imagine for someone to steal or guess your password. Unfortunately, phishing and hacking attempts are common in financial systems. Any of the following could put you at risk of having your password stolen:
- Using the same password for more than one site
- Downloading software from the internet
- Clicking on links in email messages from unknown senders
Protecting yourself with Two-Factor Authentication makes it much harder for cyber-criminals to impersonate you and gain access to your finance system.
How 2FA works
With 2FA, you must enter your login details plus a code generated by your linked mobile app. Verification codes are unique and can only be used once. Most apps can generate verification codes even when your device has no phone or data connectivity. You will also receive a set of one-time-use Recovery Codes that you can print or download for use if your phone is unavailable.
No one else can log into your account, as you are the only person who knows your login name and password and has access to your authentication device.
If you log into different companies using a group login, you only need to set 2FA up once and it will apply to all companies within the group. If you have more than one login name and/or log into multiple companies, you can set up separate 2FA accounts using the same app. If you always use the same computer and browser to log into the finance system, then you can choose to enter the code once every 30 days rather than each time you log in.
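The code behaviour described above (generated without connectivity, usable once, rejected after it expires), as an added example that is not AccountsIQ code. It assumes the authenticator app uses the standard time-based one-time password algorithm (TOTP, RFC 6238), which this page does not state; the secret, the one-step tolerance window and all names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (RFC 6238 default)

# Constructed sample secret (the RFC 6238 test key), shared once via the QR code.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, at, digits=6):
    """Code for Unix time `at`; needs only the secret and a clock, no network."""
    key = base64.b32decode(secret_b32)
    counter = int(at) // STEP
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server-side check (hypothetical): accepts each time step at most once."""

    def __init__(self, secret_b32, window=1):
        self.secret = secret_b32
        self.window = window      # tolerated clock drift, in time steps
        self.last_counter = -1    # newest time step already accepted

    def verify(self, code, now):
        current = int(now) // STEP
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.last_counter:
                continue  # already used: a replayed code is refused
            expected = totp(self.secret, counter * STEP)
            if hmac.compare_digest(expected, code):
                self.last_counter = counter
                return True
        return False  # wrong code, or a code from an expired time step


if __name__ == "__main__":
    server = Verifier(SECRET)
    code = totp(SECRET, 59)               # what the phone would display
    print(code, server.verify(code, 59))  # first use is accepted
    print(server.verify(code, 59))        # second use is rejected
```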
Enabling Two-Factor Authentication
1. Enable 2FA in AccountsIQ
Go to Setup > Two-Factor Authentication.
You will then be prompted to enter your password.
2. Download an authenticator app to your mobile device
If you already use an authenticator app for accessing other accounts, you can add another account to it for AccountsIQ.
If not, there are some industry-standard apps that we recommend:
- Microsoft Authenticator (for Windows phone, Android, or iOS).
- LastPass Authenticator (for Android and iOS).
- Alternatively, search for "Authenticator" in your device's app store and pick your preferred app.
Follow the instructions to download your app of choice and set up an account.
3. Link your Authenticator app to AccountsIQ
Scan the QR Code using your mobile device to link the app to your AccountsIQ account.
Finally, input the Verification Code from the app into the system.
4. Securely store your recovery codes
A confirmation message will appear on the screen along with a set of Recovery Codes.
You need to save these Recovery Codes somewhere safe. They are the only way you will be able to access the system without your mobile phone if you have 2FA enabled.
Each code will expire when it has been used to log on to the system. We recommend downloading a new set of codes when you have used 8 or 9 of the codes.
Logging in using Two-Factor Identification
If you have enabled 2FA, you will need to use it every time you log into the system. (There is an option, Remember me on this device for the next 30 days; see below for more details on how this works.)
1. Go to your normal login screen and enter your Company ID, Username and Password as usual.
2. You will then be prompted to enter the generated code from your linked authentication device.
If you tick Remember me on this device for the next 30 days before entering the code, you will only need to enter it every 30 days. In this context, a device refers to an internet browser. If you use a different browser, an incognito session, or clear your cookies, you will need to reenter your code. You should only click this option on a trusted device and never on a shared or public device.
If the code is accepted, then you will be logged into the system.
An error will be displayed if the code has expired or is entered incorrectly.
Try reentering the code or, if you are unable to do that, click the Use one of your Recovery Codes instead link. Recovery Codes cannot be entered from the login screen.
Resetting your Recovery Codes
The Recovery codes are unique to each user and each code can only be used once to log into the system. After use, each code expires. It is extremely important therefore to download a new set of recovery codes when the current set has been used.
When you generate a new set of recovery codes, the old set will no longer work.
To generate a new set of Recovery Codes:
1. Go to Setup > Two-Factor Authentication.
2. Enter your system password, then click on Reset Recovery Codes from the left menu.
3. Click on Regenerate Recovery Codes.
4. Make a note of the new codes and delete the old set of codes to avoid any confusion.
5. Store the codes somewhere safe but accessible.
Disabling Two-Factor Authentication
If you decide that you no longer require 2FA, you can disable it.
1. Go to Setup > Two-Factor Authentication.
2. Enter your system password, then click Disable Two-Factor.
I don't have my phone with me, how can I log into the system?
If you don't have your mobile device with you, the only way to log into the system is to use your backup codes. Neither your local admin user nor the AIQ support team will be able to bypass 2FA. It is therefore important to store your Recovery Codes in a place that will always be accessible to you.
What if I have more than one login account?
If you log into different companies using a group login (3-5 letters followed by 0000) you only need to set 2FA up once and it will apply to all companies within the group.
If you have more than one login name and/or log into multiple companies (3 letters followed by 4 numbers) you can set up separate 2FA accounts using the same app.