Two-Factor Authentication

Summary: This article will describe the various 2FA features in Vantaca and how to enabled them.

Two-Factor Authentication (2FA) is a feature on many software platforms that allows for additional levels of security. After logging in with your Login and Password, you'll be asked to verify your identity through another method, usually by sending a unique code to an email address or phone number. 

Vantaca houses large amounts of data. Some of that data, such as contact info and bank account info, is considered "sensitive" information. While Vantaca does have many safeguards and protections in place to help keep your data safe, Cyber Security is only as good as the people using it. Enabling 2FA for your users makes it harder for unathorized people to access the data inside. 

Enabling 2FA

1. Go to the System > System Settings > Security tab.
   1. Note: You'll need the Security permission under Settings > Roles > Settings > System Settings in order to make these changes.
2. Under Two Factor Login, you'll have the following options:
   
   
   1. 2 Factor Authentication: This is where you can choose to have 2FA enabled for all of your users or opt to select individual users to have it (or none at all.)
      1. (Users can be enabled individually). This is the default setting.
      2. Required for all users.
         1. Note: If all of your users do not have valid email addresses, you may receive an error message after enabling this option. The error message will info you of how many users are missing valid email addresses.
            
            
   2. 2 Factor Remember Computer Expiration: This is where you can set the frequency that you want your users to re-authenticate their logins.
      1. Note: When a user selects the Remember me on this computer checkbox upon entering in their authentication code, the authentication is remembering the login for the amount of time configured here. This checkbox's setting is retained in the browser via cookies, so if you switch browsers or delete cookies the setting will be lost and you'll need to re-authenticate.
      2. You can select from one of the following amount of days:
         1. 0 Days
         2. 30 Days
         3. 60 Days
         4. 90 Days
         5. 180 Days
3. If you selected Required for all Users and all of your users have valid email addresses, setup is complete! However, if you selected Users can be enabled individually, continue from here.
4. Go to Settings > Users and click the Edit button on the user you want to enable 2FA on.
   
   1. Note: You'll need the Add/Update permission under Settings > Roles > Security > Users > Users in order to edit the 2FA setting for each user.
5. Check the Require 2 Factor Authentication checkbox and click Save.
   

Best Practices

One of the barriers to using 2FA is that some users, or groups of users, do not enjoy the extra "hassle" to log in. While Vantaca encourages all users to use 2FA, we recommend that at a minimum, users that have Roles allowing them access to view and/or enter Bank Account information (AR, AP, Accounting) should have 2FA enabled.