How do I enable Two-Factor Authentication (2FA) in timeSensor LEGAL 365?
General
Two-Factor Authentication (2FA) increases security when accessing timeSensor LEGAL 365 because it requires a second verification step in addition to a password. This makes it more difficult for hackers to access an account, even if they know the password. This additional layer of protection reduces the risk of unauthorized access and identity theft. In timeSensor LEGAL 365, we have chosen to implement TOTP (Time-based One-Time Password). This is an additional password in the form of a six-digit numeric code that changes every 30 seconds.
2FA in timeSensor LEGAL 365
Requirements
You need the current version of timeSensor LEGAL 365 and a smartphone with an authenticator app, such as Microsoft Authenticator or Google Authenticator.
Enabling Authentication
Every user in your team must enable Two-Factor Authentication themselves in their user account. For this purpose, a new checkbox is available in the login data. When 2FA is enabled, the following dialog opens.
Each user must now start the authenticator app of their choice on their smartphone and add timeSensor. The displayed code can be scanned for this purpose. To check functionality, the six-digit numeric code calculated by the authenticator app must then be entered in the field in the dialog. With the button "Check and Save" the entered code is verified. If it matches, the dialog is closed and Two-Factor Authentication is enabled for the user account.
2FA only adds value if every member of your team actually sets it up. Therefore, there is a new 2FA column in the user dialog so you can check that this is the case for all users. For timeSensor Support to assist you, 2FA must also be enabled for the Support user. Just send an email to hotline@timesensor.com, and our support will also activate 2FA on the support account.
Use of 2FA
Once 2FA is enabled for a user, the second factor is requested after entering the password. Then consult your authentication app to obtain and enter the currently valid numeric code. Once you have successfully logged in, you can also switch between entities (data spaces) without the second factor being requested again. How quickly the second factor is requested depends on the system settings.
How often is the second factor requested?
After successfully entering the second factor, timeSensor LEGAL on your local computer
creates an encrypted file (a "Token") with a limited validity . If a valid token is found during login, the second factor request is skipped. This system allows you to balance convenience and security according to your needs. If you are at your fixed workstation, for example, you can extend the validity of the token to 30 days without significantly compromising your security. If you have a laptop and are frequently on the go, you can set the validity of the token to 1 day, so that the second factor is quickly requested in case of loss of the laptop.
creates an encrypted file (a "Token") with a limited validity . If a valid token is found during login, the second factor request is skipped. This system allows you to balance convenience and security according to your needs. If you are at your fixed workstation, for example, you can extend the validity of the token to 30 days without significantly compromising your security. If you have a laptop and are frequently on the go, you can set the validity of the token to 1 day, so that the second factor is quickly requested in case of loss of the laptop.
Note that if a third party tries to connect to your database from another computer, this will fail in any case, because the mentioned token is only available locally on your computer. For a third party, the second factor will always be requested, even if you have set the validity of the second factor to 30 days.
You can set the validity of the token in the sectionEinstellungen, menuAdmin, Spezial/System set. The minimum validity is one day, the maximum validity is 180 days.
Single Sign-On
If SSO is enabled for you, the second factor will not be requested.
Related Articles
How can I optimise the security of my database?
Since lawyers deal with particularly sensitive data, the security of the timeSensor LEGAL database is an especially serious matter. The article below provides information on how to ensure the safe operation of the database. General information This ...How can I enable log files for troubleshooting?
General As much as we would wish for you and ourselves a flawless software – no software is completely free of errors. timeSensor LEGAL 365 is no exception. Our team works with great care, but despite all efforts, errors cannot always be avoided. In ...Which Versions of Microsoft Word Are Compatible With timeSensor LEGAL?
timeSensor LEGAL can process all types of Microsoft Word documents. It is possible to archive those documents in their native format, or use Word templates with timeSensor LEGAL. Word Templates Without Data Integration As long as Word templates do ...How can I access timeSensor LEGAL remotely?
This article has been machine translated. If you find any errors, we would be grateful if you could report them to translation@timesensor.com. There are the following possibilities to access timeSensor LEGAL remotely: Direct connection to the server ...How do I optimise the security of my database?
This article has been machine translated. If you find any errors, we would be grateful if you could report them to translation@timesensor.com. Since lawyers handle particularly sensitive data, the security of the timeSensor LEGAL database is an issue ...