E-Closing has recently added a new security feature, Two Factor Authentication, to provide an additional level of security for our users. This guide will walk you through how to turn this feature on, set it up for your users and how it works.
At E-Closing data security and consumer privacy is one of our top priorities. With an increase in cyber-attacks and phishing schemes it has become increasingly important to strengthen the systems that we use to protect NPPI. The first level of defense, or factor, for most systems is a username and password. We can all agree on the importance of implementing strong passwords and regular password resets and within E-Closing we provide you with the tools necessary to enforce these habits. However, in today’s day and age a single factor like a username and password combination is not enough to adequately protect the data we collect during financial transactions. That is why we have implemented an added level of security that allows your users to validate their credentials using their mobile phone. This secondary level of protection will require your users to validate their credentials any time they are logging in from an unregistered network and at regular periodic intervals. This implementation guide will walk you through the process of implementing two-factor authentication for your office. While two-factor authentication is currently an optional feature within E-Closing at some point it may not. As always please do not hesitate to contact us by phone (603) 485-7951 or by email email@example.com with any questions.
Enabling Two-Factor Authentication
Two-Factor Authentication can be enabled company-wide by going to Back-Office – Rolodex Menu Manage Rolodex and selecting “This Company” from the business type drop-down menu. Within our companies rolodex record there are two settings that pertain to TwoFactor Authentication. The first is labeled “Use Two-Factor Authentication” which defaults to No and should be switched to Yes to enable this feature. The second setting is labeled “Two Factor Authentication Timeout (days)” which is used to set the number of days that can elapse between credential validations assuming our users are logging in from the same network. If a user logs in from an unknown network they will be required to immediately validate their credentials. Validation occurs when a user receives a unique validation code sent by text message to their mobile device and is entered when prompted to validate credentials.
User Settings to Receive Text Message Validation Codes
In order for the Two-Factor Authentication to properly protect your account from unauthorized access you will need to store a valid cellphone number for each of your users in their user records. You can access these records by going to Back Office – Misc. Menu – Manage Users and clicking on each of your company users. The field that will need to be filled in is labeled “Cell Phone”.
Two-Factor Authentication in Practice
Now that you have enabled TFA and registered cell phone numbers for each of your users this is how the feature will work to protect your account:
If a user logs in and does not have a registered cell phone entered in their user record they will be presented with the following informational message:
Users who have valid cell phone numbers entered in their user record will be presented with the following screen upon login and will receive a text message with their one time passcode. This passcode will need to be entered before being allowed access to your account.