Leavetrack Update - Multi-Factor Authentication

You can now use multi-factor authentication (MFA) to secure your Leavetrack account. You can view this 2-minute video on setting up MFA in Leavetrack.

We take data security extremely seriously and as we have grown, we realised that we needed to offer a way to ensure that your data is protected if your Leavetrack credentials become compromised. Multi-factor authentication for Leavetrack grants access based on something you know, which is your password, and something you have, normally a mobile device. You can read more about MFA and why it's a good thing on the NIST website.

Why do we take data security seriously?

Because it's the right thing to do.

We are all familiar with the General Data Protection Regulation and regulatory obligations to keep data secure but fundamentally, the data we hold belongs to our customers and their employees and we are entrusted to keep it secure. It's a promise.

Given the product, some people may question why but the answers are obvious.

People track their sick leave in Leavetrack. If someone is going on maternity leave, they will record their absence in the system. Employers have the ability to add lateness records or general notes against an employee. This is sensitive data relating to a person's relationship with their employer and must be secure.

Why should you use MFA?

There are some key statistics that make it clear why you should enable multi-factor authentication when you can:

61% of people use the same password on multiple services.

We've all done it - typing in the usual password because you know it complies with the requirements 99% of the time. With Leavetrack, we encrypt your password in our database so we can't see what it is. 

Did you know that many services don't encrypt passwords? 

Did you ever receive a reminder from a company that said, "Here's your password."? 

If you did, that means they didn't encrypt it, and if their database is breached, your password and email are in the wild. Using MFA means that any attacker would have one more step to get through if they ever got hold of your password.

Phishing emails are successful 47% of the time.

Phishing emails are attempts by hackers to get you to log in on a fake page so they can steal your password.

They design pages that look like your common banking websites or email providers to trick you into providing your password, usually as part of a security reset process.

Could you tell that this is not genuine?

Enabling MFA means that if your password is compromised, hackers still cannot get into your account.

Enabling MFA for Leavetrack

To enable multi-factor authentication, sign in to your Leavetrack account as normal then head to View My Profile > Edit. In the Security and Access section you will find a link to enable MFA. Clicking that link will show you a QR Code on screen.

Step one of MFA

You can scan the QR Code using a wide range of apps that are available for both iPhones and Android devices. Authy and Google Authenticator are two popular apps for working with MFA.

After you scan the QR Code, enter the six-digit number generated and click Complete Setup.

You will be shown a list of 12 recovery codes. You should store these securely to enable access to your account if you lose your device.

Recovery codes for MFA
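
For readers curious about what happens behind these steps, the sketch below is an added example and not Leavetrack's code. It assumes the QR Code carries a standard otpauth:// URI and that the six-digit number is a time-based one-time password (RFC 6238, the scheme Authy and Google Authenticator implement); the sample URI, the recovery-code format and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, secrets, struct
from urllib.parse import parse_qs

# Constructed sample of what an enrolment QR Code encodes. The secret is the
# public RFC 6238 test key ("12345678901234567890"), not a real account secret.
SAMPLE_URI = ("otpauth://totp/Example:user@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def secret_from_uri(uri):
    """Extract the shared secret that the authenticator app stores after the scan."""
    params = parse_qs(uri.split("?", 1)[1])
    return base64.b32decode(params["secret"][0].upper())

def totp(secret, at, digits=6, period=30):
    """Six-digit code for the 30-second time step containing Unix time `at`."""
    counter = struct.pack(">Q", int(at) // period)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, code, at, window=1, period=30):
    """Server-side check: accept the current step plus/minus `window` steps of clock drift."""
    return any(hmac.compare_digest(totp(secret, at + i * period), code)
               for i in range(-window, window + 1))

def new_recovery_codes(n=12):
    """Return (codes shown once to the user, set of hashes the server keeps)."""
    codes = [secrets.token_hex(8) for _ in range(n)]   # assumed format: 64 random bits
    return codes, {hashlib.sha256(c.encode()).hexdigest() for c in codes}

def redeem(stored_hashes, code):
    """A recovery code works once: its hash is removed when it is used."""
    digest = hashlib.sha256(code.encode()).hexdigest()
    if digest in stored_hashes:
        stored_hashes.discard(digest)
        return True
    return False

if __name__ == "__main__":
    key = secret_from_uri(SAMPLE_URI)
    print("code at t=59:", totp(key, 59))
    print("accepted one step late:", verify(key, totp(key, 59), 89))
    codes, hashes = new_recovery_codes()
    print("first use:", redeem(hashes, codes[0]), "reuse:", redeem(hashes, codes[0]))
```

The secret in the QR Code is the "something you have": anyone who photographs the code during setup can generate the same numbers, so treat the setup screen and the recovery codes like passwords.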

Please check out our support article on implementing MFA for more information.
Posted by Robin on 15 Apr, 2021 in Leavetrack Update