2-factor authentication (2FA) requires both a password and a security code at login.
The code comes from a special Authenticator app (free for any iOS or Android device). Once activated, the app does not need an internet connection to provide the code.
This code changes every minute inside the app, so it's only valid for that one minute.
If a password is shared or compromised, the person using the password must also have this code, which is only available on the device that originally registered it.
Because the rotating code is required, this also prevents accidentally saved passwords from being used on a shared computer like the ones we have in the salons.
Frequently Asked Questions
Q. What are the steps to enable 2FA?
Basic steps to enabling 2-Factor Authentication.
1. Download the Authenticator App for your phone. The link is in the guide at the end and is also available under Staff > Update Staff.
2. Set up the Authenticator codes for yourself, any management/admin staff, and anyone else you would like to allow access from outside your salon. This is done under Staff > Update Staff with the person present to scan a QR code. Make sure the phone number is accurate for each staff member in case a one-time code is needed for login after Authenticator has been enabled.
3. Enable the level of authentication you would like under General Settings > 2 Factor Authentication (2FA). Select the level of authentication desired and then select Enable Authenticator to turn it on.
4. Log out and back in to make sure it’s working.
Setup Details
Make sure all staff profiles under Update Staff have accurate and updated phone numbers.
3. For each staff profile under Update Staff, select YES or NO for Require Authenticator Code. All staff who access the salon's site outside of the salon must have YES selected.
4. Each staff member will have their own Authenticator QR Code they will scan from the screen and therefore must be present with their phone to scan the code.
To generate this code, click RESET AUTHENTICATOR CODE.
To disable access for this staff member, click DELETE AUTHENTICATOR CODE.
Example of Authenticator Code Window
In the Authenticator App, tap the + button.
Scan the QR code on your site as shown in the previous step.
You may need to click Allow to let the Authenticator App use the camera.
The code will now show in your Authenticator App.
iPhone
In the Authenticator App, tap the + button.
Scan the QR code on your site as shown in Step 5. You may need to click Allow to let the Authenticator App use the camera.
The code will now show in your Authenticator App.
The code in the Authenticator App will regenerate every 60 seconds. Test logging in.
Go to your site login and type in your login credentials then click Log In.
This page will now show depending on the 2FA settings for your site.
Open your Authenticator app then type in the 6 digits it displays then click Verify.
You are now logged in.
If you lose your phone, you can request a 1-time use code by text.
Q. How do I remove login access for a staff member?
A. Go to your Tan-Link site > Staff > Update Staff > select the staff > click DELETE AUTHENTICATOR.
Q. How do I reset login access for a staff member?
A. Go to your Tan-Link site > Staff > Update Staff > select the staff > click RESET AUTHENTICATOR.
Q. Why are we doing this?
A. A lot of your sensitive information is on our systems. While we take best care on our end and utilize industry best practices for protection, it’s easy for passwords to be accidentally shared or compromised.
When that happens, anyone can log in and change information with your access level.
This change enforces the requirement that the physical phone that was present at the time of the original code registration also be available, along with the password, to log in as you.
Additionally, the code changes every minute, so the password, while important, is not enough to log in.
Furthermore, it is very easy to disable an account immediately without changing the password.
If you reset the code on the account, the codes inside the app no longer work and any devices that were present at the time of original scan can no longer provide the right code to access this account.
This provides a great level of security and prevents accidental logins to accounts with similar usernames and even the same password.
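How the rotating code, the offline phone and a reset fit together, as an added example (not Tan-Link's code). It assumes the Authenticator app uses the standard time-based one-time password scheme (RFC 6238 with HMAC-SHA1) with the 60-second window and 6 digits described on this page; the secret values and the names totp, verify and reset_scenario are constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional

PERIOD = 60  # seconds each code stays valid, as stated on this page
DIGITS = 6   # length of the code typed at login, as stated on this page


def totp(secret: bytes, unix_time: int) -> str:
    """Code for the 60-second window containing unix_time (RFC 6238 style)."""
    counter = unix_time // PERIOD  # every second in one window gives the same counter
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10**DIGITS).zfill(DIGITS)


def verify(enrolled: Optional[bytes], submitted: str, unix_time: int) -> bool:
    """Server-side check against the secret currently stored for the account."""
    if enrolled is None:  # code deleted: nothing can match, the account is locked
        return False
    return hmac.compare_digest(totp(enrolled, unix_time), submitted)


def reset_scenario(now: int) -> dict:
    """Walk one account through enroll, next window, reset and delete."""
    phone = b"12345678901234567890"  # constructed sample secret (RFC 4226 test key)
    server = phone                   # QR scan: phone and server share the secret
    code = totp(phone, now)          # computed on the phone, no network needed
    result = {
        "code": code,
        "accepted_now": verify(server, code, now),
        "accepted_next_minute": verify(server, code, now + PERIOD),
    }
    server = b"constructed-secret-after-reset"  # RESET: server stores a new secret
    result["old_phone_after_reset"] = verify(server, totp(phone, now), now)
    server = None                               # DELETE: no secret stored
    result["after_delete"] = verify(server, totp(phone, now), now)
    return result


if __name__ == "__main__":
    print(reset_scenario(now=59))
```

The password never appears in this check, which is why resetting or deleting the code locks out a device without a password change.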
Q. Will everyone require a code to login?
A. Any devices or computers that are NOT connected to your salon's internet (including WiFi) will require this code on each login.
Any computers or devices on WiFi that are connected to your salon's internet will require the code based on the salon's policy.
While we suggest all logins inside your network also utilize codes, there will be an option to lower the security level and allow staff-level employees login access inside the salon without a code.
While we do not suggest waiving the code for manager-level access, that option is also available.
Anyone with special access or above Manager level access will require this code on each login inside or outside the salon network.
Q. How does the app work?
A. The manager responsible for assigning usernames and passwords will need physical access to the computer that is running inside the salon to generate this code for all employees who will need a code to access TL.
This will be available on Update Staff under passwords.
The code cannot be generated on a computer that is outside your salon's internet network because, for the reasons described above, that would defeat the purpose of 2-factor authentication.
The step only takes a few seconds for each account and the employee must be present with their device and the app open.
Q. What happens if you lose a device, get a new device, or need to lock someone out?
A. This is the easiest part.
You can delete the code from the account from anywhere you have access to TL and immediately lock the account from access without even changing the password.
If you decide to reactivate the account, you must repeat the steps to generate the new code to grant access back.
This is also great to do when an employee is leaving temporarily and will return; just issue them a new code.
Q. How much is the app?
A. The app is free for any iOS or Android device.
Q. What if my policy doesn’t allow phones in the salon, or my employee has a phone that is too old?
A. Although not recommended, you will be able to waive the code requirement on individual accounts that are below the security level set for your site for access within the salon.
Accounts above the security level, or any accounts that need access outside your salon, will require the code.
Q. Can this be installed on Windows?
A. No.
The purpose of the code is defeated if the code is stored on the computer or can be generated on the computer outside of the one time it can be accessed from Update Staff.
Q. When will this be rolled out?
A. You can install the app immediately and ask your staff to do the same. Scan the appropriate code below.
Links and QR codes for the Authenticator App
iOS (Apple)
Click the link below if you are on your phone to download the authenticator app onto your iPhone.
Scan the QR code below with your phone if you are on a desktop computer or laptop.
Google Play (Android)
Click the link below if you are on your phone to download the authenticator app onto your Android phone.
Scan the QR code below with your phone if you are on a desktop computer or laptop.