What is two-factor authentication (2FA)?
There are three commonly used factors for authentication. Two-factor authentication (2FA) is typically a combination of two of these factors:
Something you know (e.g. email/password)
Something you have (e.g. a phone that can receive your one-time password)
Something you are (e.g. a biometric captured via Face ID, Touch ID, etc.)
Biometrics are not practical at the time of implementation. For this reason, we use something you know together with something you have.
Snugg Pro uses a time-based one-time password (TOTP) sent to your phone via SMS. This is the 2nd factor in addition to the existing email/password combination.
Watch the screencast walkthrough of 2FA
Why should I use 2FA?
2FA adds an extra layer of security in case your email ID and password have been compromised. The short validity of this password as well as its delivery mode to your physical device make it very difficult for an attacker to get access to your Snugg Pro account.
What does the 2FA login process look like?
As mentioned earlier, Snugg Pro uses a time-based one-time password (TOTP) sent to you via SMS.
Here is what the process looks like:
You correctly authenticate with your username and password
Snugg Pro sends your mobile phone a TOTP. This TOTP is only valid for <5 minutes.
You correctly enter the TOTP.
The login process is now complete.
What does the 2FA set up process look like for the end user?
When you set up Two Factor for the first time, you will be redirected to the following flow:
You enter your mobile phone number.
Snugg Pro sends you a time-based one-time password (TOTP).
You correctly enter this TOTP to verify your phone number.
Snugg Pro generates a secret recovery key that can be used as a last resort if you are unable to receive an OTP. This is not your password and it is generated for you. You must save this key in a secure place as it will only be shown to you once.
The 2FA set up process is complete.
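The login flow and the set-up flow above share the same building blocks: a short-lived code delivered out of band, a check that the code was typed correctly, and a recovery key that is shown once. The following Python model is an added example written for this article, not Snugg Pro's code. It takes only the 5-minute validity window from the text; the 6-digit code length, the attempt limit, the single-use treatment of the recovery key, and all function names are assumptions. It shows the properties a practitioner would expect behind those steps: the server keeps only a hash of the code and of the recovery key, an expired or already-used code is rejected, repeated wrong guesses invalidate the challenge, and comparisons are constant-time.

```python
"""Illustrative model of an SMS-delivered one-time password (OTP) login
with a recovery key. Added example; not Snugg Pro's implementation.
Only the 5-minute validity window comes from the article; the rest
(code length, attempt limit, recovery-key format, single-use recovery
key) is an assumption made for this example.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

OTP_TTL_SECONDS = 5 * 60   # article: the code is valid for less than 5 minutes
OTP_DIGITS = 6             # assumption: 6-digit numeric code
MAX_ATTEMPTS = 5           # assumption: invalidate the challenge after 5 wrong guesses


@dataclass
class OtpChallenge:
    code_hash: bytes       # only a hash of the code is stored server-side
    issued_at: float
    attempts: int = 0
    used: bool = False


def _hash(value: str) -> bytes:
    return hashlib.sha256(value.encode()).digest()


class TwoFactorService:
    """Second-factor state for a single user account."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self.clock = clock
        self.phone_number: Optional[str] = None
        self.recovery_key_hash: Optional[bytes] = None
        self.challenge: Optional[OtpChallenge] = None
        # Stands in for the SMS gateway: (phone number, plaintext code) pairs.
        self.sent_messages: List[Tuple[str, str]] = []

    # Login step 2: send a fresh code to the enrolled phone.
    def issue_otp(self) -> None:
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self.challenge = OtpChallenge(code_hash=_hash(code), issued_at=self.clock())
        # The plaintext code leaves only in the SMS; the server keeps the hash.
        self.sent_messages.append((self.phone_number or "", code))

    # Login step 3: check what the user typed.
    def verify_otp(self, submitted: str) -> bool:
        ch = self.challenge
        if ch is None or ch.used:
            return False
        if self.clock() - ch.issued_at > OTP_TTL_SECONDS:
            self.challenge = None            # expired: a new code must be issued
            return False
        if ch.attempts >= MAX_ATTEMPTS:
            self.challenge = None            # too many guesses: a new code must be issued
            return False
        ch.attempts += 1
        if hmac.compare_digest(_hash(submitted), ch.code_hash):
            ch.used = True                   # one-time: replaying the same code fails
            return True
        return False

    # Set-up step 1 and 2: record the phone number and send a code to it.
    def enroll_phone(self, phone_number: str) -> None:
        self.phone_number = phone_number
        self.issue_otp()

    # Set-up step 3 and 4: verify the phone, then mint the recovery key.
    def complete_enrollment(self, submitted: str) -> Optional[str]:
        """Return the recovery key exactly once, or None if the code was wrong."""
        if not self.verify_otp(submitted):
            return None
        recovery_key = secrets.token_hex(16)           # assumption: 32 hex characters
        self.recovery_key_hash = _hash(recovery_key)   # only the hash is retained
        return recovery_key

    # Fallback when no SMS can be received.
    def verify_recovery_key(self, submitted: str) -> bool:
        if self.recovery_key_hash is None:
            return False
        if hmac.compare_digest(_hash(submitted), self.recovery_key_hash):
            self.recovery_key_hash = None    # assumption: single use; user regenerates it
            return True
        return False
```

The `clock` parameter exists so the expiry rule can be exercised deterministically; in production the default `time.time` is used. Storing hashes rather than the code or key means a leaked database table does not hand an attacker a usable second factor.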
How can I turn 2FA on or off?
Program admins must contact support to turn 2FA on or off at the program level. Next time a user logs in, they will be prompted to set up 2FA.
Company admins can turn 2FA on or off from the Company settings on the 'Users' screen. This will ensure that users must set up 2FA the next time they log in (or when they create an account in the case of new users).
Users can turn 2FA on or off from the Profile section on the Passwords & Credentials screen only if both of the following conditions are met:
None of their associated companies require 2FA
None of the programs associated with the user's companies require 2FA.
If a company or program chooses to stop requiring 2FA, pre-existing 2FA users will continue to use 2FA until they manually turn it off from their profile section under Passwords & Credentials.
How should I roll out company-level or program-level 2FA for minimum disruption?
Here are some recommended steps to roll out 2FA:
Set a date and tell people
Let your teammates and trade allies know that 2FA is coming well in advance. Set a 2FA enforcement date and send out multiple reminders.
Explain the changes that are coming
2FA comes in various shapes and sizes. Be sure to explain how 2FA will work in Snugg Pro. This article is a good resource.
Encourage people to set up 2FA in advance
Users can opt into 2FA at any time from their profile section. While the experience is fairly seamless, it's a good idea to do it at a time and place that is familiar.
Turn on 2FA for your company or program
Company admins can turn 2FA on or off from the Company settings on the 'Users' screen.
Program admins should let support know at least 1 week in advance.
Will users be forcibly logged out once 2FA is turned on for my company or program?
No. Users will only be prompted to set up 2FA the next time they have to log in. This could be when their session expires (after about 2 weeks) or when they intentionally click the logout button.
If you want users to set up 2FA immediately, direct them to their profile settings so they can proactively set up 2FA before their next login.
When do I have to use 2FA?
2FA is only required if you work within a company or a program that requires two-factor authentication. If this is your case, you will be prompted to set up 2FA when logging in as an existing user. New users who join a company that requires 2FA will be prompted to set up 2FA at the time of sign up.
You can also opt to turn on 2FA irrespective of company and program policy by going to the Passwords & Credentials tab in your profile section: https://app.snuggpro.com/settings/password
Can I edit my 2FA information?
Yes. You can regenerate a secret key and update your 2FA phone number from the profile section under the Passwords & Credentials tab: https://app.snuggpro.com/settings/password
What if I can't receive an SMS?
If you cannot receive an SMS, you can use the secret recovery key that was generated for you when you set up 2FA.