What is Two-factor authentication (2FA)?
Two-Factor Authentication (2FA) is sometimes called multiple-factor authentication. It's an additional layer of protection to secure online accounts against unauthorized logins even if someone knows your password. While passwords are commonly used for user verification, they are susceptible to cyberattacks such as phishing and password spray.
By enabling 2FA, you ensure that there are at least two verification factors in place, making it harder for potential attackers to gain access to your systems and cause significant financial or operational harm.
We highly recommend implementing 2FA as one of the best ways to secure your online property management software.
Why should I use 2FA?
2FA adds an extra layer of security to every online platform you access. The first layer is generally a combination of an e-mail (or username) and password. Adding one more step of authenticating your identity makes it considerably harder for an attacker to access your data. If your password is compromised, the attacker still cannot obtain access to your account.
This drastically reduces the chances of fraud, data loss, or identity theft.
How does two-factor authentication work in Re-Leased?
Re-Leased supports both smartphone-based (TOTP) authenticators as well as industry best practice hardware/biometric-based physical authenticators.
How to enable 2FA for your account
Setting up 2FA is a simple and fast process. You can begin by accessing your Re-Leased account settings and following the instructions to configure your second form of authentication.
To assist you in this process, we've provided helpful instructional videos that guide you through each available step method. To get started, simply click on one of the available setup options below.
- How to set up two-factor authentication using an authenticator app
- How to set up two-factor authentication using a physical authenticators/key
FAQ
Answers to frequently asked questions about Two-factor Authentication and info about how to contact us if you need more help
Recovery codes
Q. How do I generate my recovery codes?
Please refer to this article for step-by-step instructions on how to generate and save your recovery codes. Keep your recovery codes private and do not share them with others as they can be used to access your account without 2FA.
Q. How do I regenerate my recovery codes? You can regenerate your recovery codes by navigating to My Account > Security > Manage Two-Factor Authentication Methods > click Regenerate Recovery Codes tile. Please download, print or copy your recovery codes and keep them somewhere safe.
Resetting 2FA
Q. I'm an Administrator in Re-Leased. Can I reset any of my users’ 2FA without going through customer support? Yes. Administrators can reset users' 2FA within Re-Leased. Navigate to Settings > Users > click reset now link to reset. The user will receive an email with a reset link which is valid for the usual 30 mins from resetting. Click here to learn more.
Q. I’m an Administrator in Re-Leased. How can I reset my own 2FA settings? Navigate to Settings > Users > click reset now link next to your name to reset. Click here to learn more.
Q. Do I need to reset 2FA if I uninstall the authenticator app or lose/get a new phone? If you uninstall your authenticator app or lose/get a new phone, you will need to reset 2FA for any accounts that you had set up with 2FA. However, there are a few options available to transfer your 2FA details to a new device without having to reset everything.
- If you use Authy, you can simply download the app on your new device and log in using your existing Authy account details. Authy automatically synchronises your 2FA details across all your devices, so you don't need to transfer anything manually. Additionally, you can also log in to Authy on a desktop or laptop to access your 2FA codes from there.
- If you use Google Authenticator, you can manually transfer your 2FA details from one device to another if you have both devices. To do this, you need to disable 2FA on your account, then re-enable it and set it up again on your new device using the same key or QR code that you used previously.
Disabling and opting out of 2FA
Q. Can I opt out of 2FA? Two-factor authentication will become required for all customers who are not using single sign-on, as this helps to ensure the highest level of security for both you and your customers. Without 2FA, you are effectively eliminating an additional layer of protection that helps prevent unauthorized access to your account and safeguard you from identity theft, data breaches, financial fraud, and reputational damage to your business.
2FA questions relating to the landlord, property manager and tenant mobile apps
Q. When 2FA becomes mandatory, will it also become mandatory for the Re-Leased mobile apps? Yes. Once 2FA is enabled for your web account, you will also be required to use 2FA when you sign into any of the Re-Leased mobile apps.
Q. Is 2FA also required for my customers, such as property owners, who might use the Re-Leased mobile app? When a user is a contact in Re-Leased (such as a property owner), 2FA won't be available or required. 2FA will only be enforced when the user has a web login in Re-Leased.
Q. If I'm off-site and I want to access any of the Re-Leased mobile apps, do I have to go through 2FA to access them? Yes, all Re-Leased users with a Re-Leased web login wishing to access any of the mobile apps offsite are required to have an authenticator app to sign in once 2FA has been enabled on their accounts.
Users who opted for a physical security key or biometrics options to set up 2FA, can’t currently access the Re-Leased apps. Please contact customer support if you need to change your 2FA authenticator method to gain access to your Re-Leased mobile apps.
Q. Can Re-Leased users decide whether 2FA is required at the app sign-in? Unfortunately, there's no option to configure this at the moment.
User login questions
Q. Multiple users in our organisation need to use the same login and 2FA to Re-Leased. What should we do? Sharing the same logins is not recommended, but if it is required for a short while, you can consider getting a password manager account. Another option is to use Authy as the chosen Authenticator App and:
- either use Auhty’s multi-device function which allows users to set up multiple devices to access the same Authy account
- or log in to Authy on a desktop or laptop to allow different team members to access their 2FA codes from there.
Q. I’m setting up a new device and Windows security blocs me, asking for a security key to log into Re-Leased. Is there a way to turn off my 2FA? We won't able to turn off 2FA, but we can reset this for you if needed. You can then remove and re-add your security key or change the authentication method if needed to get around this.
Q. I set up 2FA when I was working in the office using Authy. Now I'm working remotely at home and trying to log in, but the Authy desktop authenticator app doesn’t let me in as I’m using a different device. I'm stuck, can you help? We recommend all Authy users enable Authy’s multi-device and back ups features to set up multiple trusted devices to use the same Authy account and for tokens to sync across these devices.
Please note, Authy has also added a new security feature for Authy Desktop version 2.2.3, which prevents third-party applications from accessing the Authy screen. You will not be able to take screenshots of the Authy application, share it in share mode of applications like Zoom or Teams, nor in remote desktop environments.
If you still have questions or need further help, please contact the Re-Leased customer support team.