Using Two-Factor Authentication

Explaining Two-factor authentication and how to set it up and protect your account

Written By Grainne Reidy (Super Administrator)

Updated at October 7th, 2024

Introduction

The security of your financial data is essential to us. One of the easiest and most effective ways you can protect your account is to use Two-Factor Authentication (2FA).

Why do I need 2FA?

No matter how security conscious you are, it is easier than you would imagine for someone to steal or guess your password. Unfortunately, phishing and hacking attempts are common in financial systems. Any of the following could put you at risk of having your password stolen:

  • Using the same password for more than one site
  • Downloading software from the internet 
  • Clicking on links in email messages from unknown senders

Protecting yourself with Two-Factor Authentication makes it much harder for cyber-criminals to impersonate you and gain access to your finance system.

How 2FA works

With 2FA you must enter your login details in addition to a code generated from your linked mobile app. Verification codes are unique and can only be used once. Most apps can generate verification codes even when your device has no phone or data connectivity. You will also receive a set of one-time-use Recovery Codes that you can print or download for use if your phone is unavailable. 

No one else can log into your account, as you are the only person who knows your login name, and password and has access to your authentication device.


If you log into different companies using a group login, you only need to set 2FA up once and it will apply to all companies within the group. If you have more than one login name and/or log into multiple companies, you can set up separate 2FA accounts using the same app. If you always use the same computer and browser to log into the finance system, then you can choose to enter the code once every 30 days rather than each time you log in.

Delete

Enabling Two-Factor Authentication

1. Enable 2FA in AccountsIQ 

Go to Setup Two-Factor Authentication.

To set up 2FA, you must verify your identity using an OTP (One Time Pin) or by entering your password.

2. Download an authenticator app to your mobile device 

If you already use an authenticator app for accessing other accounts, you can add another account to it for AccountsIQ. 

If not, there are some industry-standard apps that we recommend:

  • Microsoft Authenticator (for Windows phone, Android, or iOS). 
  • LastPass Authenticator (for Android and iOS). 
  • Alternatively, search for "Authenticator " in your device's app store and pick your preferred app.

Follow the instructions to download your app of choice and set up an account.

3. Link your Authenticator app to AccountsIQ

Scan the QR Code using your mobile device to link the app to your AccountsIQ account.

Finally, input the Verification Code from the app into the system.

4. Securely store your recovery codes

A confirmation message will appear on the screen along with a set of Recovery Codes.

You need to save these Recovery Codes somewhere safe. They are the only way you will be able to access the system without your mobile phone if you have 2FA enabled. 

Each code will expire when it has been used to log on to the system. We recommend downloading a new set of codes when you have used 8 or 9 of the codes.

Delete

Warning

If you do not have access to your linked device or set of Recovery Codes, there is no way to access the system. We strongly recommend that you save your recovery codes somewhere secure and accessible.

Support@accountsiq.com do not have access to disable Two-Factor Authentication on your behalf.

Delete

Logging in using Two-Factor Identification

If you have enabled 2FA, you will need to use it every time you log into the system. (There is an option Remember me on this device for the next 30 days, see below for more details on how this works.)

1. Go to your normal login screen and enter your Company ID, Username and Password as usual.


2. You will then be prompted to enter the generated code from your linked authentication device. 


If you tick Remember me on this device for the next 30 days before entering the code, you will only need to enter it every 30 days. In this context, a device refers to an internet browser. If you use a different browser, an incognito session, or clear your cookies, you will need to reenter your code. You should only click this option on a trusted device and never on a shared or public device.


If the code is accepted, then you will be logged into the system.

An error will be displayed if the code has expired or is entered incorrectly.

Try reentering the code, or if you are unable to do that, click Use one of your Recovery Codes instead link to use one of your recovery codes instead. Recovery Codes cannot be entered from the login screen.



Delete

Warning

If you do not have access to your linked device or set of Recovery Codes, there is no way to access the system. We strongly recommend that you save your recovery codes somewhere secure and accessible.

Support@accountsiq.com do not have access to disable Two-Factor Authentication on your behalf.

Delete

Resetting your Recovery Codes

The Recovery codes are unique to each user and each code can only be used once to log into the system. After use, each code expires. It is extremely important therefore to download a new set of recovery codes when the current set has been used.

When you generate a new set of recovery codes, the old set will no longer work.

To generate a new set of Recovery Codes:

1. Go to Setup > Two-Factor-Authentication.


2. Enter your system password, then click on Reset Recovery Codes from the left menu.

3. Click on Regenerate Recovery Codes.


4. Make a note of the new codes and delete the old set of codes to avoid any confusion.


5. Store the codes somewhere safe but accessible.

Delete

Warning

If you do not have access to your linked device or set of recovery codes, there is no way to access the system. We strongly recommend that you save your recovery codes somewhere secure and accessible.


Support@accountsiq.com do not have access to disable Two-Factor Authentication on your behalf.

Delete

Disabling Two-Factor Authentication

If you decide that you no longer require 2FA, you can disable it.

1. Go to Setup > Two-Factor Authentication.

2. Enter your system password, then click Disable Two-Factor.

Delete

FAQs 

I don't have my phone with me, how can I log into the system?

If you don't have your mobile device with you, the only way to log into the system is to use your backup codes. Neither your local admin user nor AIQ support team will be able to bypass 2FA. It is important therefore to store your Recovery Codes in a place that will always be accessible to you. 

What if I have more than one login account?

If you log into different companies using a group login (3-5 letters followed by 0000) you only need to set 2FA up once and it will apply to all companies within the group.

If you have more than one login name and/or log into multiple companies (3 letters followed by 4 numbers) you can set up separate 2FA accounts using the same app.

Delete