2-Factor authentication

What is 2-factor authentication?

2-factor authentication introduces an additional layer of security to your account by requesting an automatically generated token when logging in from a new location. QuickFile relies on Google Authenticator to generate this token. It works in a similar way to how banks such as HSBC use a key fob that generates a seemingly random number each time you log in, in fact the number is not random but derived from a seed that was created when the account was opened and saved in the key fob, all subsequent numbers follow a pattern and can be verified when logging in.

image

The advantage of using 2-factor authentication is that it provides an added layer of security if for example your e-mail is compromised. In this scenario a hacker would be able to reset your password but would not be able to generate the additional token to access your account.

Enabling 2-factor authentication in QuickFile

You can enable 2-factor authentication in QuickFile from the Account Settings area, scroll down and look for the following option:

2-factor authentication only applies to managers of the account, and cannot be enabled for end-user clients.

Before proceeding please be aware that when 2-Factor Authentication is enabled it will apply to all team members in your account. These team members may not be able to access their account until each has completed the initial syncing process. Also be aware that to use this service each team member will require a device capable of running the Google Authenticator App.

From where do I download the Google Authenticator App?

You must download the Google Authenticator App before you will be able to setup 2-Factor Authentication on your account. Here are a some links where you can download the app:

The pairing process

Only the account administrator will be able to access the 2-Factor Authentication setup screen, whoever is your nominated account administrator should setup 2-factor authentication first. To do this they will simply need to scan the QR code on the 2-factor setup screen using the Google Authenticator App, and this will reveal a 6 digit code that must be entered into the box below to activate the 2-Factor Authentication.

image

Setting up other team members for 2-factor authentication

Once the account administrator has been setup for 2-Factor authentication they must then issue an invitation to each of the remaining team members (if applicable) so they to can access the system. To do this they must click on the link ‘Setup additional team members’.

A drop-down menu will appear allowing each team member to be selected, you can then send an authentication e-mail to each. This will send a link to a secure area where each team member can individually sync their devices with the 2-factor authentication service.

image

Please note: upon sending an invitation, this will only be accessible for 24 hours. The recipient will be advised to complete the setup process at their earliest convenience. If they do not complete this process in 24 hours you will need to reissue the invitation.

Logging in with 2-Factor Authentication

Once 2-Factor Authentication has been enabled on your account you will notice an additional box on the login screen.

image

You must now enter the token within Google Authenticator along with your e-mail and password. If you prefer not to have to enter the Google Authenticator code each time you login from a particular location you can check the box to remember you. Whenever you access from a different location you would need to provide the token.

Disabling 2-factor authentication

Only the account administrator will be able to disable 2-factor authentication. To do this the administrator must access the 2-factor authentication setup screen and click the following link to disable the service.

This action will disable 2-factor authentication for all users on the account.

What happens if I lose my phone?

If you lose your phone and you are the administrator of the account then you must contact us. We will go through some security questions and temporarily disable the 2-factor authentication, giving you enough time to access your account and reset.

If you are a team member but not the account administrator then you can contact the administrator so a new invitation can be issued.