...

Basically, if someone were attempting to compromise an account, they would need not only the username and password but also the device where the 2FA has been registered. Additionally, 2FA applications running on a device have their own layer of security that you need to get through before you can approve any 2FA request.

Authenticator Applications

...

Effectively, an authenticator application provides a verification code that is only valid for a short period of time. If this time expires, or the time on the device running the authenticator application or in the application itself is not in sync, the verification code will be rejected. There is a tolerance built into the TOTP algorithm specification which can be implemented to allow for a small amount of clock drift.

I’m having issues. What should I do?

You need to ensure that the device running your authenticator application has its time set automatically. This ensures that your device always has the correct time, because it uses the internet to synchronise its time rather than relying on a manually set time.

Info

Even if you manually set the time and it looks right, it could be just far enough out from the other device’s time to cause the authentication not to work.

On a computer

You can do this by right-clicking the time on your computer (bottom right of the main screen) and then choosing Adjust date/time from the settings.

...

Ensure that Set Time Automatically is turned on.

...

This needs to match up with the relevant authenticator device you are using. If you are using a phone, your phone time and the computer time need to be the same.

For the phone that runs the authenticator app, please ensure its time is set to sync automatically. This is different on every device; however, it is normally under Settings > Date & Time.

Can I just not use the Authenticator?

For many reasons, Wise Owl Legal does not support turning off the Two Factor Authentication for your users.

The first and foremost is your security. If someone is able to hack your username and password, they can do significant damage in your Wise Owl Legal database.

Two Factor Authentication is a widely used security tool to ensure that you don’t have your data stolen, hacked or broken.

If you work from a fixed location such as an office or at home, we can add your IP Addresses to the security settings. Once an IP Address is added, you no longer have to fill in the Two Factor Authentication code, as the IP Address provides the security (as long as the IP Address doesn’t change).

Info

An IP Address is a unique string of characters that identifies each computer using the Internet to communicate over a network.

There are two types of IP Addresses:

  • Fixed (Static) - This does not change unless a major reboot is done by your Internet Provider.

  • Dynamic (Flex/changing) - This will change periodically, depending on the processes used by your Internet Provider. If this changes, it will need to be changed in Wise Owl as well.

Technical Reference

From the Internet Engineering Task Force (IETF): RFC 6238 - TOTP: Time-Based One-Time Password Algorithm (ietf.org), notably Section 6, which talks about resynchronisation.