NOTICE: In the coming weeks we're going to require all Syncro accounts to set up 2FA for all users. We encourage you to enable 2FA now to prepare your team for this change.
We will also be improving our current 2FA system [including a rename to Multi-Factor Authentication (MFA)] in order to provide you with more robust options. More information on this will be shared via the Syncro app and email. Read more about this here.
Two Factor Authentication is where you need an additional bit of information like a one-time use code in addition to your username and password to login. It greatly enhances the security of your account. We have followed industry best practices and enabled 2FA just like all the big players on the internet.
What it Does
- Secures your account by requiring the code once per 30 days (per browser)
- Allows for recovery using offline recovery codes and/or SMS recovery code
What it Doesn't Do
- Saves your passwords or other credentials
You can first opt-in yourself by visiting the "Profile/Password" page. Then scroll down and enable it.
You will be in a wizard, and it won't be turned on unless you successfully enter one code.
Now open the Google Authenticator (or similar/compatible app) from your smart phone and scan the QR code to add the account to your smartphone.
Great! Now it's enabled. Now you should download some one-time-use recovery codes and put them somewhere very safe. You can access your account with these if you lose access to that Authenticator Profile you just added
Now you should really also setup recovery SMS
Now you are really done setting yourself up. If you want, you can force everyone in your company to do this. WARNING: Once you enable it, they are immediately forced into this setup wizard so time it when everyone is ready to set it up or you might lock people out.
You can see which users have enabled it here too
One of our core values is to increase security broadly, but to do it proactively. It is becoming increasingly common in the IT space to encourage (and in some cases require) Multi-Factor Authentication on tools that businesses use to support their clients. We feel that it is in everyone's best interest for Syncro to require Multi-Factor Authentication across all Syncro accounts in the coming weeks.
We will be sharing plans and timing for these changes via in app notifications and email leading up to the new enforcement.
As an organization, we’ve required multi-factor security on the tools we use internally and maintain many layers of security for our staff. Similarly, we take steps to secure our platform and are constantly working on protections in the back-end of the software. We believe that Syncro Users encourage their clients to enable 2FA on the software in use at their businesses, and having this security from end-to-end ensures protection against compromised accounts before they happen.
If someone gets locked out, an admin on your account can "unlock" a user account, but without recovery codes or recovery SMS a user account cannot be unlocked.