What is Two-Factor Authentication?
At WorkMarket, we take your security very seriously. By enabling Two-Factor Authentication (TFA), you can now add in an extra layer of security to ensure that only you gain access to your account.
In addition to login and password, WorkMarket implements an optional second authentication mechanism. This second factor authentication is based on a one time, temporary code provided via a smartphone application.
Individual users, whether they are employees or administrators can decide to enable two-factor authentication for their own account, even if there is no company policy to that effect.
In order to enable two-factor authentication, a user would navigate to the following section of WorkMarket:
Home > My profile > Edit profile > Two-Factor Authentication > Get started
*My profile for administrators is located in a menu accessible via the rightmost icon in the orange menu bar where it is directly visible for a standard user.
Note: After getting started, the user will be taken to the two-factor authentication initial setup process discussed in a the following section of this document. Upon completion of the setup process, two-factor authentication is ready to be used when the user logs in WorkMarket.
Initial Set up
Before being able to use two-factor authentication, users have to set it up. During this 3 step process, their mobile phone will be required. The setup is composed of:
- Saving recovery codes (in case the user wants to later on access WorkMarket without a phone)
- Configuring the authentication application on their phone, using either the QR code provided or entering a numeric code in the authentication application
- Finalize the setup
Two-factor authentication usage
In general, day to day use of two-factor authentication, the following steps allow access to WorkMarket:
- Enter correct login and password
A: Enter a one time, temporary two-factor authentication code provided by the user’s cellphone authentication application.
B: Enter one of the recovery codes provided during setup of two factor authentication (in case the user does not have his/her cellphone at hand)
Access is granted
Two-Factor Challenge Options
(user interface on the left, an example of authenticator app on the right)
Recovery code option
(user interface on the left, an example of recovery code list on the right)
Upon successful two-factor code or recovery code entered, the user is granted access to WorkMarket.
Remembering a device for two-factor
In order to limit the amount of times a user needs to enter two-factor codes, an option is provided to remember the device on which the code was entered. When this option is toggled, the user will only be prompted for two-factor every once in a while, as defined by the company two-factor frequency (between 1 and 45 days).
Note: Don’t toggle this option on public computers or any other device that is not a device the user owns. They would let anyone with your login and password access your account.
Two-factor authentication as a company (Admin only)
Company administrators are provided with additional options for two-factor authentication. These options are located in the company settings section and affect all employees. An administrator would navigate to the company two-factor settings as indicated below:
Home > Settings > Two-Factor Authentication
Options that affect all employees in the company are two-factor frequency and two-factor company policy. They can be used independently or together.
Two factor frequency
Two-factor frequency sets the number of days between Two-factor challenges. By default, users are asked two-factor challenges at every login. If a user decides to have Two-factor remember their device, two-factor challenges will be asked at a frequency decided by the two-factor frequency option.
Two factor policy
In order to enforce two-factor authentication for all employees, an administrator can require it as a company-wide policy:
The toggle in the administrator section will require all employees (including the administrator themselves) to setup and use two-factor authentication upon their next login.
Note: if the toggle is later toggled off, the company policy will not be in effect but the existing users of two factor authentication will still use it until they explicitly disable it in their profile section:
Home > My profile > Edit profile > Two-Factor Authentication > Disable
Two-factor renewal when switching phone or computer
Once Two-factor authentication is setup for a device, be it a phone or a computer, it is linked to that device.
When changing device, a user would need to use one of the recovery codes to access their account and navigate to
Home > My profile > Edit profile > Two-Factor Authentication
In order to reconfigure Two-Factor for the new device