How do I enable Two-Factor Authentication (2FA) in timeSensor LEGAL 365?
General
Two-Factor Authentication (2FA) enhances security when accessing timeSensor LEGAL 365 by requiring a second verification step in addition to a password. This makes it more difficult for hackers to access an account, even if they know the password. This additional layer of protection reduces the risk of unauthorized access and identity theft. In timeSensor LEGAL 365, we have chosen to implement TOTP (Time-based One-Time Password). This is an additional password in the form of a six-digit numeric code that changes every 30 seconds.
2FA in timeSensor LEGAL 365
Requirements
You need the latest version of timeSensor LEGAL 365 and a smartphone with an authenticator app, such as Microsoft Authenticator or Google Authenticator.
Enabling Authentication
Each user in your team must enable two-factor authentication themselves in their user account. A new checkbox is available in the login data for this purpose. When 2FA is activated, the following dialog appears.
Each user must now open the authenticator app of their choice on their smartphone and add timeSensor. The displayed code can be scanned for this purpose. To verify functionality, the six-digit numeric code calculated by the authenticator app must be entered into the field in the dialog. Clicking the "Verify and Save" button checks the entered code. If it matches, the dialog closes, and two-factor authentication is activated for the user account.
2FA is only beneficial if every member of your team sets it up. Therefore, a new 2FA column is available in the user dialog so you can verify that all users have enabled it. To allow timeSensor support to assist you, 2FA must also be activated for the support user. Simply send an email to hotline@timesensor.com, and our support team will activate 2FA for the support account.
Using 2FA
Once 2FA is enabled for a user, the second factor is requested after entering the password. Check your authentication app to retrieve and enter the currently valid numeric code. Once successfully logged in, you can switch between entities (data rooms) without being prompted for the second factor again. How quickly the second factor is requested depends on the system settings.
How often is the second factor requested?
After successfully entering the second factor, timeSensor LEGAL creates an encrypted file (a "token") with a limited validity on your local computer. If a valid token is found during login, the second factor request is skipped. This system allows you to balance convenience and security according to your needs. If you are at your fixed workstation, you can extend the token’s validity to 30 days without significantly compromising security. If you use a laptop and travel frequently, you can set the token’s validity to 1 day, ensuring that the second factor is required quickly if the laptop is lost.
Note that if a third party attempts to connect to your database from another computer, this will always fail because the mentioned token is only available locally on your computer. For a third party, the second factor will always be requested, even if you have set the validity to 30 days.
The token validity can be set in the Settings section, under the Admin menu, Special / System. The minimum validity is one day, and the maximum validity is 180 days.
Single-Sign On
If SSO is enabled for you, the second factor will not be requested.
Related Articles
How can I test timeSensor LEGAL under Windows?
This article has been machine translated. If you find any errors, we would be grateful if you could report them to translation@timesensor.com. Windows or Mac? You can test timeSensor LEGAL under macOS as well as under Windows. If you prefer to test ...Which Versions of Microsoft Word Are Compatible With timeSensor LEGAL?
timeSensor LEGAL can process all types of Microsoft Word documents. It is possible to archive those documents in their native format, or use Word templates with timeSensor LEGAL. Word Templates Without Data Integration As long as Word templates do ...Possible interfaces of timeSensor LEGAL Accounting
This article has been machine translated. If you find any errors, we would be grateful if you could report them to translation@timesensor.com. General When working with timeSensor LEGAL, accounting-relevant information accumulates. Corresponding ...Rebooking and cross-booking in timeSensor LEGAL
This article has been machine translated. If you find any errors, we would be grateful if you could report them to translation@timesensor.com. General In timeSensor LEGAL you can enter payment transactions directly under Finance / Cash accounts. But ...How can I access timeSensor LEGAL remotely?
This article has been machine translated. If you find any errors, we would be grateful if you could report them to translation@timesensor.com. There are the following possibilities to access timeSensor LEGAL remotely: Direct connection to the server ...