Two-Factor Authentication (2FA)

Learn about how Ignition uses two-factor authentication to boost the security of your account.

Written by Product Team
Updated over a week ago

What is Two-Factor Authentication (2FA)?

2FA provides an additional level of security to your Ignition account by using a one-time password from your chosen authentication app or mobile phone. It is designed to ensure that you're the only person who can access your account, even if someone else knows your password.

2FA is currently available to a select number of customers and to customers who are required to use it. If you are interested in using 2FA, please reach out.

How it works

With 2FA, only you can access your account on a trusted device and browser.

When you want to sign in from a new device and browser for the first time, you'll need to provide two pieces of information:

  1. Your password

  2. The six-digit one-time password (OTP) that's automatically displayed on your trusted authentication app or sent to your phone number.

By entering the one-time password, you're verifying that you trust the new device and browser.

For example, if you are signing in to your account for the first time on a newly purchased device, you'll be prompted to enter your password and the one-time password that's automatically provided by your primary authentication method.

Because your password alone is no longer enough to access your account, 2FA dramatically improves the security of your Ignition account as well as all the client information you store on the Ignition platform.

Once you've signed in, you won’t be asked for a one-time password on that device for another 12 hours, unless you sign out or you select the Do not require two-factor authentication for 30 days check box.

Do I need 2FA?

Currently all Ignition subscribers in Australia that have a linked Xero connection will be required to set up 2FA. Learn more.

In future this may be extended to a number of use cases, such as customers who use Ignition payments.

How do I set up 2FA?

Using an app

  1. From the setup screen, click Set up using an App.


  2. Download an authenticator app to your phone (or desktop if you don't have a smartphone) from your App Store or Google Play Store. Authenticator apps are usually free. We suggest Google Authenticator, Authy or 1Password.

  3. Sync your Authenticator app with Ignition by scanning the QR code & entering the generated one-time password to validate your selected method.

  4. Set up your backup authentication method by selecting either a backup phone number or email address.

    This step is required for principal users and is optional for all other users. We highly recommend all users set up a backup method as this will reduce the risk of losing access to your account.

    We will send a verification code via your backup method, so you'll need to validate this method by entering the provided code.

    Please note that if you cannot complete this step within 10 minutes of receiving your one-time password in step 3 then you will be required to start the flow again.

    Once set up, you will be directed straight into Ignition.

Using SMS

  1. From the setup screen, click Set up using SMS.

  2. Enter your mobile phone number and press Request one-time password.

  3. You will be sent a one-time password to the mobile phone number of your choice. Please enter this newly generated number to validate your login. Please note you will need to do this each time you wish to log into Ignition.

  4. Set up your backup authentication method by selecting either a backup phone number or email address. Please note that if you want to select a phone number, you need to use a different phone number than the one entered in the previous step.

    This step is required for principal users and is optional for all other users. We highly recommend all users set up a backup method as this will reduce the risk of losing access to your account.

    We will send a verification code via your backup method, so you'll need to validate this method by entering the provided code.

    Please note that if you cannot complete this step within 10 minutes of receiving your one-time password in step 3 then you will be required to start the flow again.

What will happen once I have set up 2FA?

Once you have enabled 2FA, the next time you log in to Ignition, you will be prompted to enter the one-time password that is automatically generated in your authenticator app or sent to you by SMS, depending on your preferred 2FA method.

Do not require 2FA for 30 days

The next time you log into Ignition, you also have the option of ticking the Do not require two-factor authentication for 30 days checkbox.

If you tick it, you will not need to provide your one-time password each time you log in for the next 30 days.

After 30 days, you will be required to provide your one-time password again.

What if I cannot provide my one-time password?

If you cannot provide your one-time password using your primary authentication method then you can take one of the following actions:

  • Request a one-time password via your backup method.

  • Ask your principal user to reset 2FA for your account. A principal user will need to go to the Team page → Select your user → Click the three dots → Reset Two-Factor Authentication & enter their one-time password. This will require you to set up 2FA again.

    Please note, the principal user will need to have 2FA enabled before being able to reset this for their team members.

  • If you are the principal user, contact Ignition support who will attempt to verify your identity.

Troubleshooting

One-time password you have entered is invalid

This can be caused by a time sync issue on your Google Authenticator app.

To correct the time sync in your Google Authenticator app:

  1. Launch the Google Authenticator app

  2. Tap the menu button (three dots)

  3. Go to Settings → Time Correction for Codes

  4. Select Sync now

Frequently Asked Questions

Will using the authenticator app mean that I’m giving private data to a third party?

No, the authenticator app doesn’t connect to your Ignition account in any way. It simply generates a secure time-based passcode that is used in the process of logging in. This means that your account is secure even if someone knows or guesses your password!

I don’t have a smart device. How do I download the authenticator app?

It’s preferable to have the authenticator app on a separate device from your main computer or laptop. But if this isn’t possible, you can install an app on your laptop or desktop computer. Authy, Microsoft Authenticator and 1Password are some examples of desktop authenticators.

Does my smart device need a signal or internet to retrieve the passcode?

No - once the authenticator app is installed and set up, it will generate new codes that expire in 30 seconds by itself. It does not need a signal or internet connection.
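
Why the app needs no signal, and why a phone clock that is out of sync produces an invalid code, shown as an added example that is not Ignition's code. It assumes the standard TOTP algorithm (RFC 6238 with HMAC-SHA1) that authenticator apps such as Google Authenticator implement; the one-step tolerance window, the helper names and the sample secret are assumptions.

```python
import hashlib
import hmac
import struct

PERIOD = 30  # seconds per code, matching the 30-second expiry described above
DIGITS = 6   # six-digit one-time password

# Constructed sample input: the published RFC 6238 test secret, not a real one.
SECRET = b"12345678901234567890"
SERVER_TIME = 1111111109  # one of the RFC 6238 test timestamps


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(secret, unix_time // PERIOD)


def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side (assumed policy)."""
    step = server_time // PERIOD
    return any(
        hmac.compare_digest(hotp(secret, step + drift), code)
        for drift in range(-window, window + 1)
    )


def accepted_with_clock_offset(offset_seconds: int) -> bool:
    """Would a code from a phone whose clock is off by this much be accepted?"""
    phone_code = totp(SECRET, SERVER_TIME + offset_seconds)
    return verify(SECRET, phone_code, SERVER_TIME)


if __name__ == "__main__":
    for offset in (0, 25, 300):
        print(f"phone clock {offset:+4d}s ->", accepted_with_clock_offset(offset))
```

The code depends only on the shared secret and the device clock, so nothing is sent over the network; a clock that has drifted by minutes falls outside the accepted steps, which is what the time correction in Troubleshooting repairs.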

What if I lose or need to update my primary or backup authentication method?

Currently you cannot manage your 2FA setup within Ignition. If you need to update either your primary or backup method then you can ask your principal user to reset 2FA for your account. Note this action will force you to configure both methods again upon your next login.

Be aware, the principal user will need to have 2FA enabled before being able to reset this for their team members.

If you are the principal user, please contact Ignition support.

Do I need to set up a backup method?

If you are a principal user, you will need to set up a backup method. This reduces the risk of being unable to access your account. This step is optional for other team members, as a principal user can reset any team member's 2FA configuration within the app, providing an alternate path of access to their account if necessary. However, this is not possible if a principal user is unable to access their own account, so we require principal users to set up a backup method.

We highly recommend all users set up a backup method.
