Skip to main content
All CollectionsData and Security
Two-Factor Authentication
Two-Factor Authentication

Require your users to use an extra level of security when logging in

Dom Yeadon avatar
Written by Dom Yeadon
Updated over a week ago

Student CRM supports 2FA (Two-Factor Authentication) using Time-based One-time Passwords (TOTP)

Multi-Factor Authentication (MFA) adds an extra layer of account protection by requiring at least two types of authentication. This can be something a user knows, like their password, AND something the user has, like a phone. One-time passwords, including TOTP, use a common possession or "something you have" factor and help increase the security of your user account.

Student CRM supports Two-Factor Authentication.
When enabled 2FA requires users to also enter a one-time special code when logging into Student CRM. For example, if somebody got hold of your email and password, they still couldn’t log into your Student CRM account because it would require your mobile to use a one-off special code to type in, and the intruder wouldn’t be able to generate that. 2FA keeps your student data extra safe.

Users need to have a personal mobile phone or a personal tablet to use 2FA, and can choose to use an authenticator app or SMS. (TIP: They all work the same way and you do NOT need to have an account with Microsoft, Google, or Twilio to use them.)

When using an authenticator app, choose any of these free authenticator apps:

FAQs:

Q. As a user, where do I set up my 2FA?

A. When you are logged in as a user you go to your User Profile in the top menu, under your name. In the 2FA tab, you can set up your chosen methods for 2FA by following the steps.

Q. How does the Microsoft Authenticator app work?

A. Microsoft Authenticator is a free app provided by Microsoft, and it links to Student CRM and generates a code when you open the app. You generate a code after first entering your email and password. Just copy the one-time code into the login page and it will verify that only your phone could and did generate that unique code.

Q. How does the Google Authenticator app work?

A. Google Authenticator is a free app provided by Google, and it links to Student CRM and generates a code when you open the app. You generate a code after first entering your email and password. Just copy the one-time code into the login page and it will verify that only your phone could and did generate that unique code.

Q. How does the Authy Authenticator app work?

A. Authy Authenticator is a free app provided by Twilio, and it links to Student CRM and generates a code when you open the app. You generate a code after first entering your email and password. Just copy the one-time code into the login page and it will verify that only your phone could and did generate that unique code.

Q. How does the SMS method work?

A. No need to download any apps, it uses text messages. You enter your mobile number and request a one-time SMS code when logging in, after first entering your email and password. Just copy the one-time code into the login page and it will verify that your phone received that unique code.

Please note that SMS codes are all lowercase. Please ensure you don't have cap-lock on by accident when entering your code.

Q. I don't want other people to be able to see or access the mobile number I've used for SMS Authentication.

A. No worries! The mobile number used for 2FA is hidden from everyone except you, and it'll only ever be used for 2FA.

Q. Can I have a different mobile number on my Profile card from the one I get my SMS codes sent to?

A. Yes. They are separate. As long as both phones are yours, that is fine.

Q. As it sends out SMSs, does that use up our SMS Credit Balance?

A. No. These are system SMSs and are included in your subscription.

Q. Do I need to set up both Authenticator and SMS 2FA methods?

A. It's a good idea but not strictly necessary. If one 2FA method is not available to you, you can use the other one.

Q. As a user, what if I enter an incorrect Authenticator code when logging in?

A. The login page tells you there is a problem and asks you to try another code, which your Authenticator app will generate within a few seconds which you can try.

Q. As a user, what if I enter an incorrect SMS code when logging in?

A. The login page tells you there is a problem and asks you to request another code, which Student CRM generates and sends to your mobile, which you can try.

Please note, you may need to wait up to 5 minutes to request a new code. This is an anti-spam countermeasure.

Q. What are my backup codes used for?

A. When you set up your 2FA as a user, you get a set of unique backup codes for you to store somewhere safe (maybe in your own password manager software?). This is useful if you were to lose your mobile as you would still be able to get in by entering one of these backup codes. Like the Authenticator and SMS codes, they are one-time use only.

Q. If I lose my backup codes and 2FA system, how can I log in?

Contact your User Admin. They will be able to view the 2FA tab on your profile and reset your 2FA settings by clicking "reset this users 2FA":

This will remove any 2FA systems you had set up and delete your backup codes so you can start over.

Q. Having set up my 2FA methods, can I change them, for example, if I want my SMS codes to be sent to my other mobile number?

A. Yes you can. Just click the 'Reset' button on each one and start again.

Q. Having set up my 2FA methods, can my User Admin change them?

A. User Admins can't see the details of your own 2FA setup, but they can see when you set each one up. If you can't log in, they can reset your 2FA for you. You then log in as before and set them up again.

Q. What if I can’t use Authenticator or SMS?

A. Speak to your User Admin.

Q. Can we use a shared departmental tablet for Authenticator?

A. No.

Q. When I tick 'Remember me' when using a 2FA code, what does that do?

A. It means you don't need to use a 2FA code for 30 days. The only exception is if you log in from a different IP (ie: you are at a conference and use the hotel's WiFi which will have a different IP from the one you usually log in from).

GENERAL FAQs

Q. What else can I do to keep my login safe?

A. 1) Never share your login details with anybody else, no matter how helpful they tell you it would be, just don't. 2) Do NOT leave them on a sticky on your PC. 3) Use a strong password - there is a strength-o-meter on your 'change password' page. 4) Change your strong password regularly.

Q. You say 'use a strong password', such as?

A. Example of a random, strong, 30-character password: "8HfdGhTY8GEizTrhqqZg348uGK9CRL", and an example of a memorable strong password: "ignite-brownie-sloth-noodle-sonata-mark".

Did this answer your question?