As of September 1, 2021, Presspage will enforce multi-factor authentication for all client accounts. This extra security layer keeps your account well-protected and drastically reduces the likelihood of your user account getting compromised.
We've compiled a small FAQ to answer any questions you might have.
- What is MFA?
Multi-factor authentication, also known as two-factor authentication, is an additional security layer to protect your account. This means you will log in with not just a password, but also a security code generated by an authentication app such as Google Authenticator or Authy.
- Why is MFA important?
Using usernames and passwords alone is not very secure. They are vulnerable to brute force attacks and can be stolen by third parties, through data breaches in other systems where the same password is used, physical theft, guessing or malware. Without MFA, it only requires one correct username and password to access all your confidential data in Presspage. To eliminate this risk, we have added mandatory Multi Factor Authentication to all our user accounts. This means that a hacker cannot obtain your company's data, even if they would be in the possession of the right username and password for one of your users.
- What happens in case we have Single Sign-On enabled?
If you have SSO enabled for your account, authentication is handled on the side of the identity provider. This means that enabling multi-factor authentication for your account will not affect your log in process.
- Which app do I need to scan the QR code?
We recommend Google Authenticator (Android, iOS) or Authy (Android, iOS). Microsoft Authenticator is also supported. Using the default camera application on your phone will not work.
- Do I need to scan the QR code each time?
You'll need to scan the QR code just once to add Presspage to your authenticator app. The authenticator app will then be able to generate a 6-digit code that you can enter when you log in.
- Do I need to enter the 6-digit code each time?
You'll only be prompted for the code every 30 days, or when you log in from a new IP address.
- Can we use a password manager instead of using MFA?
While the use of a password manager is recommended to prevent password re-usage, it's not an alternative to MFA by itself. Even a strong password that's not used anywhere else, may still be intercepted or otherwise compromised.
- Can we use MFA by SMS or email message instead?
We only support MFA by authenticator application. One-time passcodes generated by an authenticator app are much harder to intercept or spoof than text messages or emails are.
- Help, I have a new phone! How do I get my authenticator app migrated to my new telephone?
Authy makes use of a master passphrase allowing you to transfer the codes easily to your new telephone. With Google Authenticator, there are some additional steps to follow. This article explains it well.
- Help, I have lost my phone and/or have no access to my authenticator app anymore.
Please reach out to Support at email@example.com, who can help you regain access to your account.