LeadSquared Security Settings – Two-factor Authentication 2FA

| by Vir Singh

1. Feature Overview

Two-factor authentication (also known as 2FA or Multi-factor authentication) lets you add an additional layer of security to your account. With 2FA, you’ll need to provide another form of authentication in addition to your username and password to access your account. It’s a great way to protect yourself against brute force attacks and hacks even when your password has been compromised.

Note: With the Trusted Devices feature, users can log into their LeadSquared account without verifying themselves through Two-Factor Authentication (2FA) each time.

 

2. Prerequisites

  • To enable 2FA using mobile, you must ensure that the correct mobile number is saved under your user details. To edit an existing mobile number or add a new one please contact your LeadSquared administrator.
  • Likewise, 2FA can also be enabled through email. To change the email address of your LeadSquared account, contact your administrator.

 

3. How It Works

With 2FA, you’ll be required to enter –

  1. Your username and password
  2. An OTP sent to your mobile device, email, or generated through an app such as Google Authenticator*

*Other Time-based OTP (TOTP) authenticator apps on Android/iOS devices such as Microsoft Authenticator, Duo, Authy, etc. are also supported.

Note: 2FA is enabled by default for Admins, Sales Managers, and Marketing Users. For Sales Users, it can be enabled by each individual or at the account level by the admin user.

 

4. Setting Up Two Factor Authentication

Two-Factor Authentication is mandated by default for Admins, Marketing users, and Sales Managers. These users will be prompted to set up their preferred method of authentication while logging in to their accounts.

2fa login

If you choose the Google Authenticator option, you’ll see a QR code and a key. Use these to configure your LeadSquared account in the app you’re using (Google Authenticator, Microsoft Authenticator, Authy, etc.). Then enter the current OTP in the space provided and click Enable.

google auth config

Note: To remove the mandatory 2FA for your account, please get in touch with your account manager or contact support@leadsquared.com

For more details, see LeadSquared Security Settings – Login Settings.

4.1 Sales User Level

Alternatively, Sales Users can set up two-factor authentication for their own accounts –

  1. From the main menu, navigate to My Profile>Settings>Security>Two Factor Authentication.
  2. Click the slider enable authenticationto enable two-factor authentication*.
  3. Select either the SMS, Email, or Google Authenticator option.
  4. Enter the OTP received on your mobile or email, then click Enable.

Multi-factor Auth

* You can disable two-factor authentication at any time.

If you want to change the configuration from to SMS, Email or Google Authenticator at any time, click the Change link –

change 2fa config

 

5. Logging In With 2FA

After setting up 2FA, you’ll be prompted to enter your OTP the next time you log in –

OTP on login

If you don’t receive an OTP, you can re-send it after the 5-minute count-down elapses.

 

6. Reports

You can access the Two-Factor Authentication report on the UI. It gives you details of users with 2FA enabled versus those with 2FA disabled. You can also see the provider (SMS, Email) used and the list of users with details such as phone numbers and email addresses.

Note: The report can be accessed by Admins, Marketing Users and Sales Managers.

To view the report,

1. On the main menu, navigate to Reports>Reports Home.

reports home

2. Type ‘Two Factor Authentication‘ into the search bar and then select the report from the auto-suggestions –

2fa report search

3. Hover your cursor over each chart or navigate between the tabs for more details.

2fa UI report

 

7. FAQs

1. I entered the OTP incorrectly 3 times and am now locked out of my account. What do I do?
LeadSquared automatically locks you out of your account after 3 invalid attempts. However, you can retry after 30 mins.

2. I’m locked out of my account and can’t get a new OTP. What should I do?
This may happen if you’ve lost your phone or can’t access your email. Don’t worry though, just contact us at support@leadsquared.com.

3. What else can I do to strengthen my account security?
There are many ways to improve the security of your account. Here are a few basic tips –

  • Change your passwords frequently.
  • Don’t re-use passwords.
  • Don’t share your account’s password with anyone.
  • Don’t click the links on suspicious or unexpected emails.
  • Be careful of what you download from the internet.
  • Beware of phishing attempts.

4. Is 2FA enabled by default for all users?

2 Factor Authentication is enabled by default for Admins, Sales Managers, and Marketing Users. It is not enabled by default for Sales Users.

5. How can Admins and Managers disable or turn off 2FA?

You will need to contact support@leadsquared.com.

 

8. Troubleshooting

1. I enabled Two factor authentication (2FA), but it isn’t working for a mobile user in my organization.

Ensure you add the user’s correct mobile number in the user profile. Once added, 2FA should work as expected. If you still face issues, contact support@leadsquared.com.

 

Any Questions?

Did this article answer your question? If not, leave a comment below and we’ll get back to you ASAP.

Subscribe
Notify of
guest
2 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Avishek Maity
Avishek Maity
2 years ago

unfortunately i delete google authenticator app how to recover

0
Reply
Sri Sudhan
Sri Sudhan
Admin
Reply to  Avishek Maity
2 years ago

Hi, Avishek. No worries, you can download and reinstall the app on your mobile device. Once you do, complete the steps listed in section 4.2, and your 2FA will be active again. Hope this helps!

1
Reply