Two-factor authentication (also known as 2FA or Multi-factor authentication) lets you add an additional layer of security to your account. With 2FA, you’ll need to provide another form of authentication in addition to your username and password to access your account. It’s a great way to protect yourself against brute force attacks and hacks even when your password has been compromised.
Note: You can also enable 2FA for the mobile app. To enable it, you must be running the following app versions –
1. How It Works
When you enable 2FA, you’ll be required to enter –
- Your username and password
- An OTP sent to your mobile device, email, or generated through an app such as Google Authenticator*
*Other Time-based OTP (TOTP) authenticator apps on Android/iOS devices such as Microsoft Authenticator, Duo, Authy, etc. are also supported.
Note: 2FA can be enabled at the user level by each individual user or at the account level by the admin user.
- To enable 2FA using mobile, you must ensure that the correct mobile number is saved under your user details. To edit an existing mobile number or add a new one please contact your LeadSquared administrator.
- Likewise, 2FA can also be enabled through email. To change the email address of your LeadSquared account, contact your administrator.
3. Setting Up Two Factor Authentication
You can set up two-factor authentication at the account level or at the individual user level.
3.1 Account Level
Administrator users can make two-factor authentication mandatory for all users. Users will then be prompted to set up their preferred method of authentication while logging in to their accounts.
To access the setting,
- Navigate to My Profile>Settings>Security>Login Settings.
- Click the slider icon alongside Mandate Two Factor Authentication.
For more details, see LeadSquared Security Settings – Login Settings.
3.2 Individual User Level
Alternatively, users can set up two-factor authentication for their own accounts –
- From the main menu, navigate to My Profile>Settings>Security>Two Factor Authentication.
- Click the slider to enable two-factor authentication*.
- Select either the SMS, Email or Google Authenticator option.
- Enter the OTP received on your mobile or email, then click Enable.
* You can disable two-factor authentication at any time.
If you choose the Google Authenticator option, you’ll see a QR code and a key. Use these to configure your LeadSquared account in the app you’re using (Google Authenticator, Microsoft Authenticator, Authy, etc.). Then enter the current OTP in the space provided and click Enable.
If you want to change the configuration to SMS, Email or Google Authenticator at any time, click the Change link –
4. Logging In With 2FA
After setting up 2FA, you’ll be prompted to enter your OTP the next time you log in –
If you don’t receive an OTP, you can re-send it after the 5-minute count-down elapses.
You can access the Two-Factor Authentication report on the UI. It gives you details of users with 2FA enabled versus those with 2FA disabled. You can also see the provider (SMS, Email) used and the list of users with details such as phone numbers and email addresses.
Note: The report can be accessed by Admins, Marketing Users and Sales Managers.
To view the report,
1. On the main menu, navigate to Reports>Reports Home.
2. Type ‘Two Factor Authentication’ into the search bar and then select the report from the auto-suggestions –
3. Hover your cursor over each chart or navigate between the tabs for more details.
I entered the OTP incorrectly 3 times and am now locked out of my account. What do I do?
LeadSquared automatically locks you out of your account after 3 invalid attempts. However, you can retry after 30 mins.
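The sketch below shows how the key displayed beside the QR code turns into a time-based OTP, and how a lockout like the one above (3 invalid attempts, 30 minutes) can be enforced on the checking side. It is an added example, not LeadSquared's code. It assumes the common authenticator-app defaults (HMAC-SHA1, 6 digits, 30-second step) plus a one-step clock-drift window and replay rejection; `OtpVerifier` and the other names are hypothetical.

```python
import base64, hashlib, hmac, struct

STEP, DIGITS = 30, 6                  # assumed authenticator-app defaults
MAX_FAILS, LOCK_SECS = 3, 30 * 60     # from the page: 3 invalid attempts, 30-minute lock

def totp(key_b32, now, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP (HMAC-SHA1) for a Base32 key such as the one shown with the QR code."""
    key = base64.b32decode(key_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", int(now) // step)          # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class OtpVerifier:
    """Hypothetical server-side check: TOTP match plus lockout after repeated failures."""
    def __init__(self, key_b32):
        self.key_b32 = key_b32
        self.fails = 0
        self.locked_until = 0
        self.last_counter = -1        # last accepted time step, used to reject replays

    def verify(self, otp, now):
        if now < self.locked_until:
            return "locked"
        # Accept the current step and one step either side to tolerate clock drift.
        for drift in (-1, 0, 1):
            counter = int(now) // STEP + drift
            if counter < 0:
                continue
            expected = totp(self.key_b32, counter * STEP)
            match = hmac.compare_digest(expected.encode(), otp.encode())
            if match and counter > self.last_counter:
                self.last_counter = counter
                self.fails = 0
                return "ok"
        self.fails += 1
        if self.fails >= MAX_FAILS:
            self.locked_until = now + LOCK_SECS
            self.fails = 0
            return "locked"
        return "invalid"
```

The key only needs to be shared once during setup; after that the app and the server each derive the same code from the key and the current time, which is why an accurate device clock matters.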
I’m locked out of my account and can’t get a new OTP. What should I do?
This may happen if you’ve lost your phone or can’t access your email. Don’t worry though, just contact us at email@example.com.
What else can I do to strengthen my account security?
There are many ways to improve the security of your account. Here are a few basic tips –
- Change your passwords frequently.
- Don’t re-use passwords.
- Don’t share your account’s password with anyone.
- Don’t click the links in suspicious or unexpected emails.
- Be careful of what you download from the internet.
- Beware of phishing attempts.