Logging in

  1. Staff cannot login to the Staffarea
  2. Cannot login to the main portal
  3. Can I turn off Two-Factor authentication
  4. What does Two-Factor authentication actually prevent?
  5. Can more than one person still login to the same account using Two-Factor authentication

Staff cannot login to the Staffarea

Here are some pointers to get them logged in:

Incorrect login page

Occasionally staff may stumble across the admin portal login page and be trying to log in here instead. Please ensure that they have /staffarea included in the URL.

Failed attempts to login to the main portal will produce the following dialogue that is directed at your event and field staff informing them that this is not their login page and to click the link to go to the staffarea login

Reset their password

There are two ways to reset a staff profile password

  • Staff can use the forgot password link on the staffarea login page
  • You can reset their password in the main portal
    • Go to the Staff Profile
    • Go Main Details > Contact tab
    • In the first column you can add a new password

Cannot login to the main portal

When attempting to login to the admin portal with an incorrect password you may see this dialogue as is to inform your field and event staff that might be trying to accidentally login to the main portal instead of the staffarea:

Here are some pointers to get you logged in:

Incorrect login page

Please ensure you are trying to login to the admin portal and not the staffarea.

View your password to ensure it's correct

You can click on the eye icon next to the password field to view the password.

This can be useful as some browser auto-fills may populate with older passwords.

Reset your password

Click on the forgot password link to create a new password.

We recommend using this in conjunction with viewing the password in the password field when you attempt to log back in to ensure that the new password has been saved correctly in the browser if you use auto-fill.

Can I turn off Two-Factor authentication

Two-factor authentication cannot be turned off. Cyber attacks are becoming increasingly sophisticated and more common.

Two-factor authentication (2FA) adds an extra layer of security to your accounts and data by requiring not just a password but also a second form of verification. Here are the main reasons why you should use 2FA:

  1. Enhanced Security:

    • Password Vulnerability: Passwords can be compromised through various means such as phishing, brute force attacks, or data breaches. 2FA significantly reduces the risk by adding an additional layer of protection.
    • Additional Verification: Even if an attacker manages to obtain your password, they would still need the second factor (e.g., a code sent to your phone or generated by an authentication app) to access your account.

  2. Protection Against Phishing:

    • Real-Time Phishing Defense: Phishing attacks often trick users into providing their passwords on fake websites. With 2FA, even if your password is stolen, the attacker cannot access your account without the second factor.

  3. Mitigates Password Reuse Risks:

    • Common Practice: Many people reuse passwords across multiple sites. If one site is compromised, all accounts using the same password are at risk. 2FA helps mitigate this risk by requiring a second form of verification.

  4. Compliance with Security Standards:

    • Regulatory Requirements: Many industries have regulations and standards that mandate the use of 2FA for certain types of data. Using 2FA can help ensure compliance with these requirements.

  5. Protection of Sensitive Information:

    • Personal and Financial Data: 2FA provides an additional layer of security for personal and financial information, making it harder for unauthorized individuals to access sensitive data.

  6. Improved Account Recovery:

    • Lost or Forgotten Passwords: 2FA can assist in account recovery processes. For instance, if you forget your password, the second factor can be used to verify your identity and reset your password securely.

  7. Increased Trust and Confidence:

    • User Assurance: Knowing that 2FA is enabled can give users confidence that their accounts are more secure, enhancing trust in the service or platform.

Implementing 2FA is a straightforward way to significantly enhance your account security, making it a best practice for protecting your online presence and sensitive information.

What does Two-Factor authentication actually prevent?

Two-Factor Authentication (2FA) is a security measure designed to add an extra layer of protection to your online accounts. By requiring two forms of identification before granting access, 2FA significantly reduces the risk of unauthorized access. Here's what 2FA helps prevent:

  1. Account Compromise Due to Password Theft

    • Password Breaches: If a hacker obtains your password through a data breach or by guessing, they still won't be able to access your account without the second factor.
    • Phishing Attacks: Even if you accidentally provide your password to a fake website, the attacker won't be able to log in without the second authentication step.
       

  2. Man-in-the-Middle (MitM) Attack

    • Interception of Login Details: In MitM attacks, an attacker intercepts the communication between you and the website. Even if they capture your password, they won’t have access to the second factor needed to log in.​​​​​​​

  3. Brute Force Attacks

    • Automated Guessing: Attackers use automated tools to guess passwords. Even if they succeed in guessing the correct password, they would still need the second factor to access the account.

  4. Credential Stuffing

    • Reuse of Stolen Passwords: Hackers often use passwords stolen from one service to try and access accounts on other services. 2FA prevents access even if they have a correct password.

  5. Insider Threats

    • Internal Breaches: If someone inside an organization tries to access accounts using known passwords, 2FA adds an additional barrier, making unauthorized access more difficult.

  6. Device Loss or Theft

    • Unauthorized Access to Devices: If your device (like a laptop or smartphone) is lost or stolen, the person who finds or steals it would also need your second factor to access sensitive accounts.

2FA doesn't make systems entirely invulnerable, but it dramatically increases the difficulty for attackers. It’s an essential tool in modern cybersecurity, providing a strong defense against a variety of common threats.

Can more than one person still login to the same account using Two-Factor authentication

Yes, you can.

When at the Two-Factor authentication setup page you would need all people that require access to this account to scan the QR code or add the secret key to their authenticator app.

Setup details can be found here: Logging in for the first time with Two-Factor Authentication (2FA)

If you have already setup your 2FA for just 1 person to access, you must reset the 2FA for that account to start the process again so all people can scan the QR code or add the secret key to their authenticator app. See: Resetting Two-Factor Authentication (2FA) for an admin account