2FA (Two-factor Authentication using TOTP)

Simply put, 2FA provides additional security against account compromise, which I am sure we can all appreciate is something we have to concede to in today's environment, as annoying as it can be.

  1. The first factor is your normal username and password.

  2. The second factor is a verification code from an application on a mobile device or computer.

Basically, if someone was attempting to compromise an account, they would not only need the username and password but also the device where the 2FA has been registered. Additionally, 2FA applications running on a device have their own layer of security that you need to get through before you can approve any 2FA request.

Authenticator Applications

There are many applications on the market and generally freely available. Some notable mentions:

  1. Bitwarden (open source password manager) - providing access to your credentials across the web, as a desktop application on your PC, and as an application on your mobile devices.

  2. Microsoft Authenticator for mobile devices (Android and iOS).

  3. DUO.

  4. Google Authenticator App.

TOTP (Time-based One-time Password) and what does that mean to me?

Make sure the time on your device running your authenticator application is correct.

Other terms used for 2FA are OTP (One-time Password) and TOTP (Time-based One-time Password). Wise Owl uses TOTP.

Effectively, the authenticator application provides a verification code that is only valid for a short period of time. If this time expires, or the clock on the device running the authenticator application is not in sync, the verification code will be rejected. There is a tolerance built into the TOTP algorithm specification which can be implemented to allow for a small amount of clock drift.

I’m having issues, what should I do?

You need to ensure that the device running your authenticator application has its time set automatically. This ensures that your device always has the correct time, because it synchronises its clock over the internet rather than relying on a manually set time.

Even if you manually set the time and it looks right, it could be just far enough out from the other device’s time to cause the authentication not to work.

On a computer

You can do this by going to the time on your computer (bottom right of the main screen) and right-clicking it. Then choose Adjust date/time from the settings.

Ensure that Set Time Automatically is turned on.

This needs to match up with the relevant authenticator device you are using. If you are using a phone, your phone time and the computer time need to be the same.

For the phone that runs the authenticator app, please ensure your time is set to sync automatically. This is different on every device; however, it is normally under Settings > Date & Time.

Can I just not use the Authenticator?

For many reasons, Wise Owl Legal does not support turning off the Two Factor Authentication for your users.

The first and foremost is your security. If someone is able to hack your username and password, they can do significant damage in your Wise Owl Legal database.

Two Factor Authentication is a widely used security tool to ensure that you don’t have your data stolen, hacked or broken.

If you work from a fixed location such as an office or at home, we can add your IP Addresses to the security settings. Once an IP Address is added, you no longer have to fill in the Two Factor Authentication code as the IP Address provides the security (as long as the IP Address doesn’t change).

An IP Address is a unique string of characters that identifies each computer using the Internet to communicate over a network.

There are two types of IP Addresses:

  • Fixed (Static) - This does not change unless a major reboot is done by your Internet Provider.

  • Dynamic (Flex/changing) - This will change periodically, depending on the processes used by your Internet Provider. If this changes, it will need to be changed in Wise Owl as well.

 

Technical Reference

From the Internet Engineering Task Force (IETF): RFC 6238 - TOTP: Time-Based One-Time Password Algorithm (ietf.org), notably Section 6, which talks about resynchronisation.
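
The clock-drift tolerance described in the TOTP section above, as an added example (not Wise Owl's code): a minimal RFC 6238 code generator and a server-side check that accepts one time step either side of the server's own clock. The secret is the published RFC 6238 test key, 8-digit codes are used so the results can be compared with the RFC's test vectors, and the function names are made up for this illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (RFC 6238 default time step)
# Constructed sample: the published RFC 6238 Appendix B test secret, not a real account's.
SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Code for the 30-second step containing unix_time (HMAC-SHA1, RFC 4226 truncation)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, server_time: int, window: int = 1, digits: int = 6):
    """Return the matching step offset (-window..+window), or None if rejected.

    window=1 accepts the previous, current and next step: the small drift
    tolerance. A non-zero offset tells the server which way the device drifts.
    """
    for offset in range(-window, window + 1):
        candidate_time = server_time + offset * STEP
        if candidate_time < 0:
            continue
        expected = totp(secret, candidate_time, digits)
        # Constant-time comparison so timing does not reveal how close a guess was.
        if hmac.compare_digest(expected.encode(), code.encode()):
            return offset
    return None


def login_attempt(device_time: int, server_time: int, window: int = 1):
    """The device makes a code from its own clock; the server checks it against its clock."""
    code = totp(SECRET, device_time, digits=8)
    return verify(SECRET, code, server_time, window, digits=8)


if __name__ == "__main__":
    server = 1111111109                                  # server clock (Unix seconds)
    print(login_attempt(server, server))                 # clocks agree
    print(login_attempt(server + 2, server))             # device 2 s fast, already in the next step
    print(login_attempt(server + 2, server, window=0))   # no tolerance: rejected
```

A device only two seconds fast can already be in the next 30-second step, which is why a server with no tolerance rejects a code that looks correct to the user.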