Multi-Factor Authentication (MFA)


What can I do now?

You can start to get your business ready for MFA now by ensuring everyone in your practice is using a unique login and not sharing passwords. Shared logins will not be supported by the required implementation of MFA.

Overview

Multi-Factor Authentication (MFA), sometimes known as Two Factor Authentication, 2FA, 2SA or TFA, is a security enhancement for user accounts. Traditionally, users have relied on, and are accustomed to, authentication systems that require them to provide a unique identifier, such as their email address, and a correct password to gain access to a system. Multi-Factor Authentication is an extra layer of security in which users are prompted for their password (the first factor: what they know) and for a security code (the second factor: what they have), making it more difficult for unauthorised people to access your data.

What options are supported for MFA in CAS 360?

The MFA security code can be received using:

  • An authentication app, e.g. Google Authenticator
  • An SMS text message

The use of an authentication app is the recommended method. The U.S. National Institute of Standards and Technology (NIST) has revised its multi-factor authentication security guidelines to discourage SMS-based MFA and encourage the use of more robust MFA alternatives.

Frequently Asked Questions

Can I enforce MFA for all users? 

Not currently. However, BGL is planning to add this option for Administrators to turn on.

Can MFA be set up using both methods?

Yes. Both methods can be set up. From your user profile, you will be able to set a default MFA method.

Does MFA affect the Reset Password option?

The reset password process will involve an authentication code sent to a mobile via SMS, or via email where no valid mobile number exists for the user.

I didn't receive an SMS notification via text. What could cause this?

If you chose to receive codes by text message (SMS), make sure your service plan and mobile device support text message delivery. Delivery speed and availability may vary by location and service provider. Also, make sure you’ve got adequate mobile coverage when you’re trying to receive your codes.

The verification codes generated by my authenticator app are not working?

Is the clock on your phone set correctly? This could happen when your phone's time is incorrect or you have changed your phone's settings to an incorrect time zone.
Can I remove computers and other devices from my trusted list?

Not currently supported.

What if my workplace does not allow access to mobile phones?

Use a Chrome extension such as GAuth Authenticator or Authenticator, or a hardware-based authentication solution.

As an Administrator, how do I know which users have enabled MFA?

The User Manager screen will display all of your users and which of those have enabled MFA.

I have left my mobile device at home. How can I log into CAS 360?

When Multi-Factor Authentication has been turned on, you will not be able to log in to CAS 360 without your mobile device.

If you have access to your email account, you will be able to Disable MFA for your individual login.

Note that some authenticator apps, such as Authy, have the ability to run on multiple devices. This allows you to access codes from several devices.

I've got a new phone and the authenticator code was on my old phone. How can I log in to CAS 360?

To register a new number, you will need to disable MFA and authenticate with the new number.

Note that some authenticator apps, such as Authy, have the ability to run on multiple devices. This allows you to access codes from several devices.

Is MFA currently mandatory in CAS 360?

MFA is not currently mandatory for all BGL user accounts.

See also:

How to Set up MFA with Authentication App

How to set up Multi-Factor Authentication with SMS

My phone was lost or stolen. How do I disable Multi-Factor Authentication?

How to disable Multi-Factor Authentication once I have signed in.
