2FA - Two Factor Authentication for Chronicle Online
As part of our GDPR policy and commitment to online security measures Chronicle is pleased to announce the introduction of 2FA / MFA for system users this September.
What is MFA or 2FA?
"Multi-factor authentication (MFA; encompassing two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only the user knows), possession (something only the user has), and inherence (something only the user is). MFA protects user data—which may include personal identification or financial assets—from being accessed by an unauthorised third party that may have been able to discover, for example, a single password.
A third-party authenticator (TPA) app enables two-factor authentication, usually by showing a randomly generated and frequently changing code to use for authentication." Wikipedia
Chronicle has opted to use Authenticator Apps enabling Google, Microsoft, Authy, Last Pass and Duo Mobile technology alongside a QR barcode and 6 digit pin code. This was selected instead of the earlier text message technology and approach, which in recent years has become easier to hack and fallen out of favour amongst most security experts.
This 2FA feature can be turned on and off at a central level for system users, therefore easily enabled company-wide. Aimed predominately at our HR customer base this tool can also protect our Time and Attendance, Access Control and Scheduling users.
"Chronicle we believe is one of the first cloud-based workforce management products in the UK and Europe to offer 2FA to its clients. Traditionally found in banking and finance applications this level of security is now transitioning over to other sectors including HCM and WFM. Subsequently, we are very pleased to be able to offer it as a new security feature to our customers improving overall standards and going over and above GDPR guidelines." Rupert Lassen Managing Director.