To ensure the security of sensitive data within Smokeball on your device and to comply with regulations in some states, we have introduced Two-Factor Authentication as an optional selection per staff member.
Two Factor Authentication can be managed via the individual users Staff card.
To enable 2FA, the user will be required to complete a number of steps in verifying their identity, including:
Mobile phone verification
*Any Authenticator App you already have should work. If you don't have one, we recommend Google Authenticator
Once setup is complete, the user will now have Two Factor Authentication set up on their account and will be required to authenticate themselves on login going forward.
We have also added an additional column in the Staff and Users tab to allow firm owners to have visibility over their staff security settings.
Working with 2FA
Once Two Factor Authentication has been enabled for your account, you will now be required to verify yourself each time you log in to smokeball (via desktop, billing or mobile).
Good to Know
We do not support “remember this device” so the user will be required to verify themselves each time they log in
All users can view their colleagues' 2FA status via the new column in the staff and users tab, however, they will not be able to see the information from within the staff card of others.
Users can turn 2FA on for themselves only
Any authentication app will work however, we have recommended the google authenticator within the software
Login credentials will now expire 6 months after a user's first login from v7.5
Users will be prompted to reset their password for 7 days prior to expiry via a yellow bar notification
If they do not reset at this time, they will be presented with a different yellow bar noting that they are working offline and need to reset.