What is 2FA?
2FA is an additional security measure over and above an email and password which means that your users have to provide an authentication code via an authenticator app (e.g. the Google Authenticator) in order to login to Mention Me. This protects your employees from having their passwords phished.
Can I turn on 2FA for my admin users of Mention Me?
2FA is automatically turned on for all Mention Me clients during onboarding.
How does 2FA work for clients?
2FA applies to ALL of your Mention Me admin users. Each user will be asked to set up 2FA when they next log in.
The steps of enrolling in 2FA are as follows:
The user is asked to provide a mobile number in order to receive a recovery code if they cannot access their Google Authenticator App
They are then sent a code to this number which they need to enter
They are then invited to download the Google Authenticator App (or another suitable app), to scan the QR code and enter the first test code to make sure it works (this is in common with every other 2FA setup)
If they tick the “Trust this device for 30 days” option then they won’t need to enter another 2FA code for 30 days on that device.
After this they can use the platform as normal.
What happens if a user cannot enter a 2FA code when it is required?
The user will attempt to log in and be unable to enter a 2FA code.
They click “Recovery options” and can choose to be sent a recovery code to their mobile device.
If they can successfully receive the SMS to their phone they can enter that code and then reset their 2FA code themselves, following the same setup process as above.
If they are unable to retrieve an SMS then they can speak to their administrator (any one of the client administrators) who can trigger a 2FA reset via the “Manage users” page and allow the user to again set up a new device.
If they are unable to speak to (or do not know) their administrator, then they may escalate to Mention Me’s operations team using this contact form, who can verify their identity and perform a similar reset.