As a publisher, you can – and should! – require your employees to authenticate with multiple factors, making it harder for unauthorized persons to hack into the Iteras account.
This feature is enabled in the account settings under Primary settings. There are three options:
No secondary credential: You rely solely on username and password; i.e., two-factor login is not enabled.
Users can register secondary credentials: Users are given the option and encouraged to register a secondary authentication method.
On each login, remind users to register secondary credentials: Users are continuously prompted to register secondary login.
The secondary login stays private only if the user creates it personally, and that is the point. Therefore, as a publisher, you should encourage your employees to set this up and possibly instruct them on how to do so. Iteras supports this process: with the last option, users are reminded of the necessity each time they log in.
Two types of secondary authentication are supported. As a publisher, you do not need to choose on behalf of your employees – each employee can freely select among the available options, which are:
Time-based one-time passwords (TOTP): In short, this involves generating a key and entering it into an app – typically on a mobile device – which then generates a 6-digit code that changes every 30 seconds. The current code is entered when logging in. Examples of such apps include Google Authenticator or Duo Mobile. Note that it is important that the phone’s clock is set correctly; otherwise, the code will not work. This is achieved by setting the phone to automatically synchronize time.
WebAuthn: The other option is the relatively new WebAuthn standard, where the browser queries the operating system for available options. This allows the use of USB security keys such as these: https://leetronics.de/en/shop/solo-security-key/
In addition, you will still need to use your password.