ActiveDEMAND, by default, uses single factor authentication. The single factor authentication system never displays passwords in plain text, all logins are over https, and our system enforces password complexity rules. For many this is works extremely well. If you want to increase security, we recommend enabling 2 factor authentication. The 2 factor authentication is enabled on the account level (Administration->Account Settings->[Account Setup])
If this is enabled, it is enabled for all logins for your account. When a user attempts to log in for the first time on a new browser (or after two factor authentication is enabled) ActiveDEMAND will block the login with a request for a code:
This code will be sent to the users's email address.
If the code is not correctly after three attempts are made, the account will be blocked.
There are two scenarios that force a two factor login:
- Logging in using a new browser (or cookies have been cleared)
- Not entering an authentication code for 6 months.