Frequently Asked Questions (FAQs) About 2FA

  • Updated

This article aims to provide a thorough explanation of Two-Factor Authentication (2FA), a security process that adds an extra layer of protection to your accounts. By understanding and implementing 2FA, you can significantly enhance the security of your sensitive data and online presence. Let's dive into the what, why, and how of 2FA to empower you with the knowledge you need for safer online interactions.

What is Two-Factor Authentication?

Two-Factor Authentication (2FA) is a method of confirming a user's claimed identity by utilizing a combination of two different factors:

  • Something they know (like a password or PIN)
  • Something they have (like a smartphone app or a hardware token)

By requiring a second form of identification, 2FA makes it harder for potential intruders to gain access to an individual's devices or online accounts because knowing the victim's password alone is not enough to pass the authentication check.

Recovery codes 

Q. How do I generate my recovery codes?  
 Please refer to this article for step-by-step instructions on how to generate and save your recovery codes. Keep your recovery codes private and do not share them with others as they can be used to access your account without 2FA.  


Q. How do I regenerate my recovery codes? 
 You can regenerate your recovery codes by navigating to My Account > Security > Manage Two-Factor Authentication Methods > click the Regenerate Recovery Codes tile. Please download, print or copy your recovery codes and keep them somewhere safe.  


Resetting 2FA 

Q. I'm an Administrator in Re-Leased. Can I reset any of my users’ 2FA without going through customer support? 
Yes. Administrators can reset users' 2FA within Re-Leased. Navigate to Settings > Users > click reset now link to reset. The user will receive an email with a reset link which is valid for the usual 30 mins from resetting. Click here to learn more. 


 Q. I’m an Administrator in Re-Leased. How can I reset my own 2FA settings? 
  Navigate to Settings > Users > click reset now link next to your name to reset. Click here to learn more. 
 

 Q. Do I need to reset 2FA if I uninstall the authenticator app or lose/get a new phone? 
  If you uninstall your authenticator app or lose/get a new phone, you will need to reset 2FA for any accounts that you had set up with 2FA. However, there are a few options available to transfer your 2FA details to a new device without having to reset everything. 

  • If you use Authy, you can simply download the app on your new device and log in using your existing Authy account details. Authy automatically synchronises your 2FA details across all your devices, so you don't need to transfer anything manually. Additionally, you can also log in to Authy on a desktop or laptop to access your 2FA codes from there. 
  • If you use Google Authenticator, you can manually transfer your 2FA details from one device to another if you have both devices. To do this, you need to disable 2FA on your account, then re-enable it and set it up again on your new device using the same key or QR code that you used previously.
     

Disabling and opting out of 2FA  

Q. Can I opt out of 2FA? 
 Two-factor authentication will become required for all customers who are not using single sign-on, as this helps to ensure the highest level of security for both you and your customers. Without 2FA, you are effectively eliminating an additional layer of protection that helps prevent unauthorized access to your account and safeguard you from identity theft, data breaches, financial fraud, and reputational damage to your business. 

Q. Is 2FA mandatory for the Re-Leased mobile apps? 
 Yes. Once 2FA is enabled for your web account, you will also be required to use 2FA when you sign into any of the Re-Leased mobile apps.  
 

Q. Is 2FA also required for my customers, such as property owners, who might use the Re-Leased mobile app? 
 When a user is a contact in Re-Leased (such as a property owner), 2FA won't be available or required. 2FA will only be enforced when the user has a web login in Re-Leased. 

 

Q. If I'm off-site and I want to access any of the Re-Leased mobile apps, do I have to go through 2FA to access them? 
 Yes, all Re-Leased users with a Re-Leased web login wishing to access any of the mobile apps offsite are required to have an authenticator app to sign in once 2FA has been enabled on their accounts. Users who opted for a physical security key or biometrics options to set up 2FA, can’t currently access the Re-Leased apps. Please contact customer support if you need to change your 2FA authenticator method to gain access to your Re-Leased mobile apps. 

 

Q. Can Re-Leased users decide whether 2FA is required at the app sign-in? 
 Unfortunately, there's no option to configure this at the moment. 


User login questions  

Q. Multiple users in our organisation need to use the same login and 2FA to Re-Leased. What should we do? 
 Sharing the same logins is not recommended, but if it is required for a short while, you can consider getting a password manager account. Another option is to use Authy as the chosen Authenticator App and: 

  • Either use Auhty’s multi-device function which allows users to set up multiple devices to access the same Authy account , or
  • Log in to Authy on a desktop or laptop to allow different team members to access their 2FA codes from there.  

Q. I’m setting up a new device and Windows security blocs me, asking for a security key to log into Re-Leased. Is there a way to turn off my 2FA? 
 We won't able to turn off 2FA, but we can reset this for you if needed. You can then remove and re-add your security key or change the authentication method if needed to get around this. 


Q. I set up 2FA when I was working in the office using Authy. Now I'm working remotely at home and trying to log in, but the Authy desktop authenticator app doesn’t let me in as I’m using a different device. I'm stuck, can you help? 
We recommend all Authy users enable Authy’s multi-device and back ups features to set up multiple trusted devices to use the same Authy account and for tokens to sync across these devices.  Please note, Authy has also added a new security feature for Authy Desktop version 2.2.3, which prevents third-party applications from accessing the Authy screen. You will not be able to take screenshots of the Authy application, share it in share mode of applications like Zoom or Teams, nor in remote desktop environments.

Was this article helpful?