Multi-factor authentication in our VMS

Multi-factor authentication (MFA) is an additional layer of security, on top of using a password. MFA is meant to prevent hackers from gaining access to the application. There are different MFA methods but the principle of all of them is the same; in addition to something that you know (your password) access to your account also requires something you have (e.g. a smartphone).

MFA will be a requirement

From November 2021 and onwards, MFA will be available to Administrator-, MSP- and customer users. This means these users can, if desired, connect their smartphone to their account to make use of this additional layer of security. Subsequently, from January 2022 and onwards, MFA will be enforced for them. Supplier users, Independent contractors and resources will (contrary to our previous messages) not be able to use MFA yet. We will release more information about this as soon as possible. For this last group of users, MFA will not be enforced anytime soon.

Understanding why

You have probably seen it on the news: privacy and business sensitive data of users of an arbitrary organisation have been publicly made available by hackers. There is no reason for panic but the time in which a username and password was sufficiently safe, has passed. With that in mind we are making the use of MFA a requirement for users dealing with large amounts of these kinds of data (MSP- and customer users).

Opt for security

In addition to this enforcement, our general advice is to make MFA available for all user types. To use it, they will need a smartphone with an Authenticator app (TOTP method) installed. There are multiple Authenticator apps available for iPhone (in the App Store) and Android (in the Play Store). Examples of such apps are: Salesforce Authenticator, Microsoft Authenticator, Google Authenticator, Authy and Lastpass Authenticator. With the help of an Authenticator app, you can scan a QR code or fill in a pairing code when setting up. This way, the smartphone will be linked to the account. The next time you log in with the account in question, a logincode will be requested. This code can be retrieved from the app with which a link was previously established.

Lost your phone?

Don’t panic! If you lose your smartphone there is the option of disconnecting MFA. This can be done via the MSP. This way, you can always, quickly access your account and the security of the application and your own information remains guaranteed.

Looking for more information and/or the user manual of Multi-Factor Authentication? Please take a look at Hello! Nétive.