Audience: Builder/ Supplier/ User
Read time: 7 mins
Article contents: FAQ/ How To/ Video
Intro
For most Buildxact users, 2-Step Verification is an optional security setting on their account. In some jurisdictions 2-Step Verification is mandatory for accounts that connect to accounting packages (For example Australian Xero users). Additionally, users sharing a single login should be aware that only one authenticator app link can be active at a time, which might cause conflicts in accessing the account.
What is 2-Step Verification?
2-Step Verification adds an extra layer of security to keep your Buildxact account and data safe, making it harder for an unauthorized person to gain access to your account. If you have 2-Step Verification enabled, when you log in to Buildxact, you will be required to enter a verification code that is sent to an app on your mobile device.
How to Enable 2-Step Verification
Watch the following video or follow the steps below outlined below.
β
βNote: this video covers only the phone login option, if you're struggling with this, the steps below also cover the email verification option.
Navigate to My Profile
Toggle on the 2-Step Verification button. To disable 2-step verification toggle this button off.
After toggling on the 2-step verification button you will see the message below.
Click Setup now.
If you want to continue working and complete the set up next time you log in, click Later.
After you enter your email address and password on the log in screen, you will see a QR code. Scan the code with an authenticator app on your mobile device.
For a list of which authenticator apps we recommend, see the Which authenticator app should I use? guide below.
Resetting 2-Step Verification as a tenant owner
If you are the Owner (TenantRole = Owner) in the Buildxact subscription plan, you can reset 2-step verification for your other non-owner users.
If a user requires their two-step verification to be reset, this process will send them a new QR code to scan using an authenticator app. Note that only one device can be linked to their account at a time, and all previous authenticator links and recovery codes will be invalidated upon reset. Consider using a single device for the authenticator app or creating individual logins for shared accounts to prevent conflicts.
When viewing the Users page an owner can see whether the user has 2-step verification enabled (1) and can execute the Reset 2 Step Verification for non-owner users (2).
Once an owner user resets the 2-step verification, the non-owner user will be required to restart the verification process (scanning the QR code etc).
Enter the code provided by your authentication method.
Record the recovery code you are provided - this will be needed if you no longer have access to your mobile device.
Clicking on the next arrow will confirm the setup of your 2-Step Verification and allow you to log in by clicking 'Continue'.
Challenges and Solutions for Using Two-Factor Authentication with Shared Logins
Two-factor authentication (2FA) enhances account security by requiring a second verification step, often through an authenticator app. However, 2FA can pose unique challenges when a single login is shared among multiple users. Below, we provide a detailed overview of these challenges and recommended solutions to maintain both security and functionality.
What is the Problem with Sharing Logins with 2FA?
When multiple individuals share a single login, only one authenticator app link can be active for that account at any given time. If a second person tries to set up the login on their authenticator app, it will break any existing link set up by the first person. This limitation arises because most authentication systems are designed for individual use.
Consequences:
The previous authenticator link becomes invalid.
Users may be locked out of the account if coordination is not maintained.
Suggested Solutions for Managing 2FA with Shared Logins
To avoid conflicts and ensure continuous access to the account, consider the following approaches:
Use a Single Shared Device for Authenticator Codes Have all users rely on one designated device where the authenticator app is installed. This avoids breaking the 2FA link while ensuring everyone has access to the necessary codes.
Create Individual User Logins If possible, set up separate logins for each individual user. This approach not only eliminates 2FA conflicts but also enhances security by providing individual accountability and personalization.
Best Practices for Securing Shared Logins
Communicate among users: Ensure all users understand the necessity of maintaining a single authenticator link or using separate logins.
Enable backup options: Set up backup codes or an alternate 2FA method to recover account access if needed.
Review account activity: Regularly monitor login activity to detect unauthorized or suspicious behavior.
Final Thoughts
While sharing login credentials might seem convenient in some scenarios, it introduces unnecessary risk and complexity, especially with two-factor authentication enabled. For optimal security and ease of use, rely on a single shared device for authentication or, better yet, create individual logins for each user. By following these steps and best practices, you can prevent disruptions and maintain secure access to your shared accounts.
Logging in with 2-Step Verification
Once you have set up your authentication method, log in to Buildxact by entering your username and password, followed by the code generated by your authentication method. If you are logging in from the same computer and browser each time, you can choose to be asked for a code once every 30 days.
On the login page, enter your email address and password. Click Continue.
2. Open your authentication App and retrieve the 6-digit code. Enter the code in the box shown.
3. Select the box Remember this device for 30 days. After 30 days you will need to enter a new code.
Click Continue to log in to Buildxact.
What do I do if I have trouble scanning the QR code?
If you are having trouble scanning the QR code, click on the Trouble scanning? link shown below and you will be sent a code to enter manually. If the issue persists and the code you enter is still not accepted, verify that the code is entered exactly as shown and that it hasn't expired. You may also try restarting your device or ensuring the app generating the codes is synced properly.
Alternative ways of logging in with 2-Step Verification - email
If you don't have an Authenticator App, you can receive your 2-Step Verification Code via email by following these steps.
On the login page, enter your email address and click Continue
2. Enter your password and click Log In
3. The next screen will ask you to enter the 6-digit code from your authentication method.
4. Instead, click on Other ways to receive your code.
5. Click on Email from the list of options
6. You will receive an Email with a 6-digit verification code. Copy and paste the 6-digit code here.
7. Selecting Remember this device for 30 days will remember your code on this device for 30 days. After 30 days you will need to enter a new code.
Clicking Continue will log you in to Buildxact.
Troubleshooting Authentication Code Errors
If you encounter errors stating incorrect authentication codes, take the following steps:
Verify the Code: Make sure the code is entered as it appears and is not expired.
Reset Your Password: If the issue persists, attempt a password reset and try again.
Troubleshoot Two-Step Verification: Restart your device or check whether the app is synced correctly.
Contact Support: If none of the above resolves the issue, reach out for manual troubleshooting or account verification.5. Shared Login Issues: If the account is shared among multiple users, verify that only one device is used for authentication or ensure separate logins are created for each user.