Thanks to faster hardware and more sophisticated modern techniques for password cracking, password security is on the decline. With botnets capable of trying billions of passwords a second, it is more important than ever to focus on account security. Two-factor authentication is a powerful security measure offered by Granicus.
How it Works
With two-factor authentication, administrators are required to provide multiple evidences of identity: combining something only the user knows (their password) with something only the user has (their device). Once it has been set up for an organization, all administrators will be required to add security devices for the purpose of logging in. Once a device has been added, the two-factor login process for an administrator looks like this:
- The user enters their email and password on the login page. Upon clicking Login, they are brought to the Code Confirmation screen.
- An authentication code is sent to their device.
- The administrator enters the authentication code in the Code Confirmation screen to successfully log in to the system.
Two-factor authentication works with landlines as well as mobile phones and other text-enabled devices. When an authentication code is sent to a landline, the recipient hears the code in an automated message.
Administrators can enable multiple devices for two-factor authentication and choose which device is sent the authentication code.
What Your Administrators Must Do
Note: Two-factor authentication can only be enabled across your entire organization. It cannot be restricted to specific administrators.
If administrators are currently logged in to the system at the time two-factor authentication is enabled, their sessions will not be interrupted. When two-factor authentication is enabled for your organization, all administrators will be prompted to add a security device and security questions the next time they log in.
If an administrator experiences issues when logging in to an account with two-factor authentication enabled, they can contact Granicus Support using the link at the bottom of this page. Granicus Support will use these security prompts to verify the administrator's identity before helping the administrator log in.
For information about other security measures you can take regarding administrator login, see Administrator Security.
Updating an Administrator's Security Devices and Questions
Administrators can add or remove security devices from their profile and update their security questions.
Note: Administrators must have at least one security device in their profile at all times. To change security devices, add the new one before removing the old one.
To Update Your Own Security Information
- When logged in to the Communications Cloud platform, click your name in the upper right corner.
- In the drop-down user menu, click My Profile and Security.
- On the Administrator Information page, scroll down to the Security Information section to change your security settings.