Updated: Jul 19
Online security is important. This is especially true when considering programs and websites that we use consistently in our day-to-day lives. For foremen, estimators, or anyone else looking to make active use of the SharpeSoft cloud environment, it's highly recommended to establish a useful second factor protocol for your entire company.
But first, what is second factor authentication?
Most online accounts are guarded and maintained by a combination of a username and a password. Because the password is the only protection this approach offers, it can be considered single factor authentication.
A second factor authentication system, therefore, asks the user to submit something else in addition to their normal password. The most common types are verification passcodes either sent to an email address or texted to a mobile phone.
SharpeSoft offers support for both email verification and texting through Twilio SMS account connection. Continue reading to find out how you can make your SharpeSoft account more secure.
Both Email and Twilio configurations will be accessed in the Estimator by clicking on the Defaults menu in the toolbar, then navigating to Email/SMS Configuration.
The information you enter here is used by the SharpeSoft Email Quoting System to send requests for quotes to your vendors. Your internet service provider or IT department should have the server information needed to complete this window. The same information as entered above will also be used for Second Factor authorization processes through email. This will not impede SharpeSoft Email Quoting System functionality.
If your company is an avid user of the Estimator's quoting system, it's likely this is already completed. It is always recommended to double check.
Twilio is a cloud communications platform and an incredibly useful tool for second factor authentication. There is no monthly fee; rather, you pay for messages sent and received. While it's possible to turn a personal phone number into a Twilio phone number, this process is intensive and can take up to several weeks. Therefore, it is recommended to purchase a Twilio number specifically for the purpose of SMS second factor authorization.
All of the information necessary will be provided to you by Twilio.
Now that your email and/or Twilio configuration is complete, you can move on to actually setting up your second factor authentication policies.
Security Policies Window
By default, the Second Factor Authentication Type is set to Not Available. With this setting, users do not have to do any additional work when logging in beyond submitting their login credentials as normal.
You also have the option to require users to enter second factor information based on policies decided upon by your company. Selecting Required (Either SMS OR Email) will require users to submit login codes they receive through either of the available services. Selecting Required (Both SMS AND Email) will not let users in until they have submitted login codes sent to both their phone and email. This method is the most secure, but potentially the most time consuming.
Note that if any second factor policy is enabled, Allow Remember Login on the Login Policies menu will be disabled.
Second factor policy can be further customized in the Trigger Second Factor When field.
Selecting Always will require a user to enter second factor login information every time they attempt to log in.
On New Machine will only require a user to submit second factor information if they attempt to log in from a new workstation.
On Password Change is like the choice above, in that the system will only ask for second factor information when the user creates a new password. You are not limited to only one of these selections, either.
For example, selecting On New Machine and On Password Change will prompt the user to submit their credentials if they were to create a new password or if they attempt to log in to a new workstation. Further, you can also decide how often your second factor policy triggers by filling out the Days field.
For any second factor policy, Stale Time refers to how long a given second factor code is valid. If a user does not input their credentials within the Stale Time, they will have to request a new code. Stale Time can be configured by entering hours and minutes in HH:MM format, where 02:00 would equal two hours, 00:30 would equal thirty minutes, etc.
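As an added illustration (this is not SharpeSoft code), the Python model below shows how the trigger selections and the Stale Time described above combine when a login is evaluated. The function names and workstation identifiers are hypothetical, rejecting a zero Stale Time is an assumption, and the Days field is not modelled.

```python
from datetime import datetime, timedelta

# Names mirror the options in the "Trigger Second Factor When" field.
ALWAYS, NEW_MACHINE, PASSWORD_CHANGE = "Always", "On New Machine", "On Password Change"


def parse_stale_time(text):
    """Convert a Stale Time string in HH:MM format into a timedelta."""
    hours, sep, minutes = text.strip().partition(":")
    if not sep or not (hours.isdigit() and minutes.isdigit()):
        raise ValueError(f"Stale Time must be HH:MM, got {text!r}")
    if int(minutes) > 59:
        raise ValueError("minutes must be between 00 and 59")
    window = timedelta(hours=int(hours), minutes=int(minutes))
    if not window:  # assumption: a zero window is rejected, no code could ever be used
        raise ValueError("Stale Time must be greater than zero")
    return window


def second_factor_required(triggers, machine_id, known_machines, password_changed):
    """Return True if any selected trigger applies to this login (selections combine with OR)."""
    if ALWAYS in triggers:
        return True
    if NEW_MACHINE in triggers and machine_id not in known_machines:
        return True
    if PASSWORD_CHANGE in triggers and password_changed:
        return True
    return False


def code_is_valid(issued_at, submitted_at, stale_time):
    """Accept a code only if it is submitted within the Stale Time after it was issued."""
    age = submitted_at - issued_at
    return timedelta(0) <= age <= parse_stale_time(stale_time)


if __name__ == "__main__":
    # Constructed sample data: one known workstation, two triggers selected.
    policy = {NEW_MACHINE, PASSWORD_CHANGE}
    known = {"WS-ESTIMATING-01"}
    issued = datetime(2024, 1, 1, 9, 0)
    print("known machine:", second_factor_required(policy, "WS-ESTIMATING-01", known, False))
    print("new machine:", second_factor_required(policy, "WS-FIELD-07", known, False))
    print("after 29 min:", code_is_valid(issued, issued + timedelta(minutes=29), "00:30"))
    print("after 31 min:", code_is_valid(issued, issued + timedelta(minutes=31), "00:30"))
```

A shorter Stale Time narrows the window in which an intercepted code is still usable, at the cost of users having to request a new code more often.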
Logging In with Second Factor Authentication
For both login methods, you will notice a change in the initial login screen. Now, instead of the button saying "Login," it will say Get Codes. Clicking Get Codes will send you your second factor authorization code, depending on the method chosen by the administrator.
After clicking Get Codes, you will be presented with the secondary login screen below. Now you will enter the code sent to your email on file, an example of which has been provided in the inset picture. Once you have copied and pasted or manually entered the code, you will be entered into Estimator and are free to use the program like normal.
After clicking Get Codes, you will be presented with the secondary login screen below. Now you will enter the code sent to your phone number on file, an example of which has been provided in the inset picture. Once you have manually entered the code, you will be entered into Estimator and are free to use the program like normal.