
Two Factor Authentication
Summary
The entire payroll industry is currently seeing an increase in software hacking attempts against its clients' payroll data.
One of the most effective security measures you can implement to protect your data from criminals is Two Factor Authentication (TFA). AllianceHCM strongly advises that all of our clients and users implement two factor authentication to help secure your confidential data.
What is TFA? How does it help?
Two Factor Authentication adds protection to your AllPay account by making you enter an additional security code after logging in with your user name and password. The security code is delivered to you via a secondary channel (usually your cell phone). This means you must have your cell phone or other TFA-enabled device handy in order to log in, which is something the cybercriminals trying to log in to your account will not have. This secondary code is either generated on your device (Authy and Google Authenticator methods) or sent to your cell phone in a text message (Text Message / SMS method).
AllPay has three TFA methods available, and you can register for as many of them as you wish. You can decide which one to use on each login. With TFA enabled, a criminal must not only have your password and the answers to your security questions, but must also have your secondary security code.
How to Enable TFA On Your Own Account
To enable two factor authentication, click "Settings" at the top of AllPay and then go to the "Two Factor Authentication" tab. There are three options for TFA:
- Authy is a third-party service that AllianceHCM integrates with to provide TFA security tokens. Authy has mobile apps for Apple and Android devices as well as a desktop app that can be installed on your computer. One of the nice things about Authy is that if you lose your phone or get a new one, you can easily reinstall the Authy application and resume getting your security tokens.
- Google Authenticator is a mobile app published by Google that uses a standards-based methodology for generating security tokens. There are apps available for Apple and Android, and there are third-party apps for Windows Phone that perform the same function and are compatible with Google Authenticator security tokens. Note that if you are using Google Authenticator and you lose your phone, it may not be possible to recover your Google Authenticator setup on your new phone. For this reason it is recommended that you print the QR code that is shown on your screen when you register for Google Authenticator and store it in a safe place in case you need it in the future.
- Text Message / SMS sends a security code to your mobile phone and is tied to your phone number.
To register for two factor authentication, click the "Enable ... " button underneath the method you want to use and follow the on-screen instructions.
Sample of the Two Factor Authentication setup page:
How to Require TFA On All Your Users' Accounts
If you are an AllPay company administrator, we suggest you require that all of your AllPay users register and use TFA. Here is how:
- Go to the Company » Security » User Management page in AllPay
- Check the box beside all users
- Press the "Require TFA" button near the bottom of the page
- If you have multiple pages of users, be sure to repeat this process on each page
Once you have required TFA on another user's account, that user will be prompted to set up their TFA immediately upon their next login to AllPay.