Skip to main content

Multi-factor Authentication guide

R
Written by Raphael Cardona

What is Multi-Factor Authentication (MFA)?

Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to LegalEye.

MFA is a core component of a strong identity and access management (IAM) policy. Rather than just asking for a username and password, MFA requires one or more additional verification factors, which decreases the likelihood of a successful cyber attack.

Why is MFA Important?

The main benefit of MFA is it will enhance your organisation's security by requiring your users to identify themselves by more than a username and password. While important, usernames and passwords are vulnerable to brute force attacks and can be stolen by third parties. Enforcing the use of an MFA factor like a thumbprint or physical hardware key means increased confidence that your organization will stay safe from cybercriminals.

How Does MFA work?

MFA works by requiring additional verification information (factors). One of the most common MFA factors that users encounter is one-time passwords (OTP). OTPs are those 4-8 digit codes that you often receive via email, SMS or some sort of mobile app. With OTPs a new code is generated periodically or each time an authentication request is submitted. The code is generated based upon a seed value that is assigned to the user when they first register and some other factor which could simply be a counter that is incremented or a time value.

You can either use an authenticator app such as Microsoft Authenticator or Google Authenticator (recommended) or SMS. This document is designed to guide you through the set up of your chosen MFA method.

Authenticator App

Setting up MFA

Your organisation may already have an approved authenticator app such as Microsoft Authenticator or Google Authenticator that you are required to use for MFA. If this is the case please follow the steps below to set up your authenticator.

Step 1. Right after your first login, you will be presented with a screen prompting you to secure your account with an authenticator app. Use your authenticator app to scan the QR code, or click the “Trouble Scanning?” text and follow the given instructions if the QR does not work.

Step 2. Once you have either scanned the barcode or entered the setup key, with the authenticator app, your app will give you a one-time code to put into the “Enter your one-time code” field and click continue (see how Google Authenticator works here and Microsoft Authenticator works here).

Step 3. After successfully entering your one-time code you will be presented a recovery code. Click the ‘Copy code’ button to copy the recovery code and keep it somewhere safe. You will need the recovery code in case you need to login when you do not have access to your device/authenticator app

Step 4. After clicking “Continue” you will have logged in successfully! Each time you attempt to log in to LegalEye, you will need to use your authenticator app to input your one-time code to successfully log in.

Logging in with MFA

Each time you log in into LegalEye, you will need to use your authenticator app to get your one-time code for successful legaleye log in.

Step 1. Input your Username and Password as usual

Step 2. Open your authenticator app, check what’s the current valid one-time code for you to log in

Step 3. If you put the correct one-time code, you can log in successfully

Logging in when you have lost your Authenticator App

If you do not have access to your authenticator app, you can use the recovery code you saved earlier in Step 3 of “Setting up your MFA”

Step 1. When you are presented with the one-time code input click “Try another method?” and choose “Recovery code”

Step 2. Use your recovery code from Step 3 to type in your recovery code and follow the prompts

Google Authenticator

Microsoft Authenticator

SMS

Setting up MFA

Another method that you can use for authenticating yourself is SMS. Here is how to set up your multi-factor authentication method to use SMS when you do not have an approved Authenticator App:

Step 1. Right after your first login, you will be presented with a screen prompting you to secure your account with an authenticator app. However, you can click “Try another method” to find the option to use ‘SMS’

Step 2. Input your country code and your work mobile number so the system will be able to send the SMS to your device

Step 3. Check your messages and type down the code from the message you received. If you have not received the message, click ‘Resend’. But if you have, input your 6-digit code, click the ‘Continue’ button

Step 4. After successfully entering your one-time code you will be presented a recovery code. Click the ‘Copy code’ button to copy the recovery code and keep it somewhere safe. You will need the recovery code in case you need to login when you do not have access to your device/phone

Step 5. After clicking “Continue” you will have logged in successfully! Each time you attempt to log in to LegalEye, you will need to use your authenticator app to input your one-time code to successfully log in.

Logging in with MFA

Each time you log in into LegalEye, you will need to have access to the phone number you registered MFA with to get your one-time code for successful legaleye log in.

Step 1. Input your Username and Password as usual

Step 2. Follow the on screen prompts to receive your one-time code via SMS

Logging in when you do not have access to your mobile device

If you do not have access to the mobile number you used to register MFA with, you can use the recovery code you saved earlier in Step 3 of “Setting up your MFA”

Step 1. When you are presented with the one-time code input click “Try another method?” and choose “Recovery code”

Step 2. Use your recovery code from Step 7 to type in your recovery code and click ‘continue’ and follow the prompts

Reset your MFA

In the case where you either lose your access to your authenticator app/ phone and forget your recovery code. You can contact support@legaleye.com to reset your Multi-factor Authentication.

Did this answer your question?