Two-Factor Authentication

Explaining Two-factor authentication and how to set it up and protect your account

1. Introduction

The security of your financial data is very important to us. One of the easiest and most effective ways that you can protect your account is to use Two-Factor Authentication (2FA).

Why do I need it?

No matter how security conscious you are, it is easier than you would imagine for someone to steal or guess your password. Unfortunately, phishing and hacking attempts are common on financial systems. Any of the following could put you at risk of having your password stolen:

  • Using the same password for more than one site
  • Downloading software from the internet
  • Clicking on links in email messages from unknown senders

Protecting yourself with Two-Factor Authentication makes it much harder for cyber-criminals to impersonate you and gain access to your finance system.

 

How it works

Using Two-Factor Authentication means that after entering your login name and password to access the finance system, you will also need to enter a code generated by your linked mobile app to log on.

Verification codes are unique to you. They are generated by an app on your mobile device, and each code can be used only once. Most apps can generate verification codes even when your device has no phone or data connectivity.

You will also be issued with a set of one-time use back up codes that you can print or download for use if your phone is unavailable.

No one else can log in to your account, as you are the only person who knows your login name and password and has access to your authentication device.

If you log in to different companies using a group login, you only need to set 2FA up once and it will apply to all companies within the group.

If you have more than one login name and/or log in to multiple companies, you can set up separate 2FA accounts using the same app.

If you always use the same computer and browser to log in to the finance system, you can choose to enter the code once every 30 days rather than each time you log in.


How does 2FA protect me?

Using Two-Factor Authentication means that in order to log on you need to have:

  • Something you know (your password)
  • Something you have (a code generated from a mobile device)

So even if someone steals or guesses your password, they will not be able to log on to your account without your mobile device.



2. Enabling Two-Factor Authentication

2.1 Enable 2FA in AccountsIQ 

To enable Two-Factor Authentication, go to Setup>Security>Two-Factor Authentication.

You will then be prompted to enter your password.

2.2 Download an authenticator app to your mobile device 

If you already use an authenticator app for accessing other accounts, you can add another account to it for AccountsIQ. 

If not, there are some industry standard apps that we recommend, such as:

  • Microsoft Authenticator (for Windows phone, Android or iOS)
  • LastPass Authenticator (for Android and iOS)
  • Alternatively, search for "Authenticator" in your device's app store and pick your preferred app.

Follow the instructions to download your app of choice and set up an account on the app.

2.3 Link your Authenticator app to AccountsIQ

Scan the QR Code using your mobile device to link the app to your AccountsIQ account.

Finally, input the verification code from the app into the system.

2.4 Securely store your recovery codes

A confirmation message will be displayed on screen and a set of recovery codes will be displayed.

You need to save these recovery codes somewhere safe. They are the only way you will be able to access the system without your mobile phone if you have Two-Factor Authentication enabled. 

Each code will expire when it has been used to log on to the system. We recommend downloading a new set of codes when you have used 8 or 9 of the codes.

If you do not have access to your linked device or set of recovery codes, there is no way to access the system. We strongly recommend that you save your recovery codes somewhere secure and accessible.

Support@accountsiq.com does not have access to disable Two-Factor Authentication on your behalf.


3. Logging on Using Two-Factor Authentication

If you have enabled Two-Factor Authentication, you will need to use it every time* you log on to the system.

*There is an option to Remember me on this device for the next 30 days; see below for more details on how this works.

Go to your normal logon screen and enter your Company ID, Username and Password as usual.

You will then be prompted to enter the generated code from your linked authentication device.

If you tick the Remember me on this device for the next 30 days option at logon before entering the code, you will only need to enter the authentication code every 30 days.

In this context, a "device" refers to an internet browser. If you use a different browser, use an incognito session or clear your cookies, you will need to re-enter your 2FA code.

You should only click this option on a trusted device and never on a shared or public device.

If the code is accepted, you will be logged on to the system.

An error will be displayed if the code has expired or is entered incorrectly.

Retry entering the code or, if you are unable to do that, click on the link to use one of your recovery codes instead.

Recovery codes cannot be entered from the logon screen above. You must follow the Use one of your recovery codes instead link to log on with the recovery codes.

If you do not have access to your linked device or set of recovery codes, there is no way to access the system. We strongly recommend that you save your recovery codes somewhere secure and accessible.


Support@accountsiq.com does not have access to disable Two-Factor Authentication on your behalf.


4. Resetting your recovery codes

Recovery codes are unique to each user and each code can only be used once to log on to the system. After use, each code expires.

It is therefore extremely important to download a new set of recovery codes when the current set has been used.

When you generate a new set of recovery codes, the old set will no longer work.

To generate a new set of recovery codes, go to Setup>Security>Two-Factor Authentication.

You will be prompted to enter your system password, then click on Reset Recovery Codes from the left hand menu.

Click on Regenerate Recovery Codes.

Make a note of the new codes and take care to delete the old set of codes to avoid any confusion.

Store the codes somewhere safe but accessible.

If you do not have access to your linked device or set of recovery codes, there is no way to access the system. We strongly recommend that you save your recovery codes somewhere secure and accessible.

5. Disabling Two-Factor Authentication

If you decide that you no longer require Two-Factor Authentication, it can be disabled from within the system.

Go to Setup>Security>Two-Factor Authentication.

You will be prompted to enter your system password, then click on Disable Two-Factor.

6. Frequently Asked Questions

6.1 As a group administrator, can I force users to use 2FA?

Although we highly recommend using 2FA, it is not possible to force users to adopt it. 

6.2 I don't have my phone with me. How can I log on to the system?

If you don't have your mobile device with you, the only way to log on to the system is to use your back up codes.

Neither your local admin user nor the AIQ support team will be able to bypass 2FA.

It is therefore really important to store your back up codes in a place that will always be accessible to you.

6.3 What if I have more than one login account?

If you log in to different companies using a group login (3-5 letters followed by 0000), you only need to set 2FA up once and it will apply to all companies within the group.

If you have more than one login name and/or log in to multiple companies (3 letters followed by 4 numbers), you can set up separate 2FA accounts using the same app.
