How to set up and use 2FA (two-factor authentication)?

Two factor authentication is a method of confirming a user’s claimed identity through two different factors - concretely it is a way to increase the security of your account. In Ledgy, this will be through the password and an authentication code.

How do I set up 2FA in Ledgy?


To set up 2FA for your Ledgy account, click on your name on the top right corner of your Ledgy page to navigate to My Settings.

 

In My Settings > Access Control, you will find a toggle to set up two-factor authentication for your personal account. Once the toggle is turned on, a pop up will guide you through a quick set up via downloading an authenticator app on your smartphone and scanning Ledgy's QR code. Once this is complete, you can use the authenticator app to a generate a code every time you log in. 

Some compatible authenticator apps include: 

Google Authenticator

Duo

Authy

Can I make it mandatory for all stakeholders in my company to use 2FA when using Ledgy?


For companies, Owner-level collaborators (Company Settings > Collaborators) can also turn on two-factor authentication for all stakeholders and collaborators by default. This will enforce 2FA as a login requirement.




You can turn on 2FA in the Company Settings (left bar) > Access Control. If 2FA is not yet turned on in the Owner's personal account settings, a link will guide you to complete this step first.



Once 2FA is enabled, all stakeholders and collaborators in the company will be prompted with the requirement to enable 2FA as soon as they next log in to their Ledgy account. This applies to all current stakeholders and collaborators, as well as future recipients of Ledgy invitations.

What if a user loses access to their 2FA authentication device?

The 2FA requirement can be disabled by a user by using their Recovery Code. This code is only available to the user at the point of setting up their 2FA device.



With the Recovery Code, the user can proceed to log in to Ledgy, bypassing the 6 digit authentication by clicking Use recovery code:



Once the matching email and recovery code have been submitted, the user will receive will receive by email a confirmation that the 2FA requirement has been disabled for their account.