Although data security is eLabNext's top priority and we do everything that is reasonably possible to keep a users account and data safe, many factors beyond our control may compromise the security of an account and thereby an organisation's research data (e.g. key loggers on public computers, reuse of password for other applications that have been compromised, etc.). Therefore, we recommend using two-step verification - also known as two-factor authentication - to improve the security of a users account. When activated, two-step verification will require a user to provide a secret code upon login, in addition to their username and password. Check out the video below to see how two-step verification works:
Activate two-step verification under the Two-Step Verification tab within the Account Settings page.
Enabling two-step verification for an account introduces a second layer of security to protect the account. With two-step verification active, an additional 6-digit code is required in order to log into the application. This unique code is generated on a smartphone and changes every 60 seconds. First, users need to activate the two-step verification setting by clicking Enable.
Note: Users can download the WinAuth Desktop App if they are unable to use a smartphone
In the pop-up menu, users can now verify their device to generate a two-factor code. Users can get this code by following the instructions below. Please note that after enabling two-step verification, users will always need their mobile device to generate a new two-factor code when logging into eLabJournal. If a user dose not have this code, they will no longer be able to directly access their account and data.
There are several options for generating two-step verification codes:
- The eLabJournal or eLabInventory Mobile App – Download and install the App on iOS or Android
- Google Authenticator Mobile App – If the user already uses Google Authenticator for other applications (for Windows Phone use Microsoft Authenticator)
- WinAuth Desktop App – if the user does not have a smartphone, they can download and install WinAuth on the desktop
- Protectimus SLIM mini – physical card that can be programmed using NFC to generate 2FA tokens. Read more about Protectimus SLIM mini
The user must install the application of their choice and either scan the barcode displayed when enabling two-step verification, or manually enter the secret code listed below the barcode. After scanning or entering the secret code, the application will begin generating a time-based unique 6-digit code (the two-factor code) that changes every 60 seconds. This is the code the user will need to finish activating the two-step verification and to login moving forward.
- Enter the 6-digit code
- Click Verify and Save
Two-step verification is now enabled.
Please make sure never to remove the app from your authenticated device before first disabling the two-step verification setting.
It is also recommended that users download the backup two-factor codes, which can each be used once to access the application in the event that access to the two-factor code-generating device is lost. In the event that a user's account is blocked while two-step verification is enabled, an administrator can disable this setting via the Organisation Admin Panel. Cloud users can alternatively contact the eLabNext Support Desk to disable two-step verification on their account.
When two-step verification is active, users need to enter the two-step verification code every time they login. There is an option to trust the computer for 30 days, which means that a user will only have to enter the two-step verification code once every 30 days. This option is linked to a specific IP address and computer to ensure that your account remains protected with two-factor authentication when logging in from a different device.
Group administrators can enforce two-step verification for all members in their group by changing the Group Policy. Navigate to My Groups and click Edit. In the Group Policy tab enable the option to make two-step verification mandatory for all group members.
When this option is enabled, all users in the group will be forced to activate two-step verification for their accounts during their next login. Users will only be allowed to access their accounts once they have successfully set up two-step verification.