2-Step Verification

Updated over 2 weeks ago

You are dealing with very sensitive data, so we want to provide you with options for extra protection. In addition to your regular password, you can also enable 2-step verification (also known as two-factor authentication). You can add your mobile phone number to Small Improvements, and whenever your account is accessed from a new device, you’ll be asked for a security token that is delivered to your phone.

This article provides an overview of how Small Improvements' 2-Step Verification works and how you can set it up in your account.


About 2-Step Verification

2-Step Verification is a standard mechanism for securing access to vital systems. You can secure your social media account, your blog, and of course, PayPal and your online banking with your phone. Even if a hacker steals your password, they won’t be able to log in from their computers, because each new device requires access to the SMS token.

End user screens

Here’s what it looks like to a user who just had 2-Step Verification enabled (either by HR, or by themselves). After entering the regular username and password, the user is prompted to enter a mobile phone number. One thing to note: A user will have to log out first to see the message below.

Once the number is entered, the next screen asks for a mobile token, which will be delivered via SMS. After entering the token, the user is logged in. The device is now remembered, so the user doesn’t need to enter the code again for 30 days.

Every new device or browser, however, needs to be authorized again. And this is exactly what keeps hackers out: they might have gotten access to a user’s password (perhaps even by breaking into another service where the employee used the same password), but since they don’t have an authorized device, they will be stopped at the mobile code screen.

Enable for individual users

The best way to test 2-Step Verification is to try it out on one sample user account, just so you get a feeling for using the option.

To do so, toggle Admin view, then click Directory from the left side menu. Open the dropdown for a user, and select Password and Security.

Alternatively, you can enable 2-Step Verification via the user profile. Click Manage then select Password and Security.

In the Password and Security settings, enable Require 2-Step Verification.

Rollout to all employees

To enforce 2-Step Verification for all users, toggle Admin view, click Settings in the left side menu, then select the Security tile. From there you can enable 2-Step Verification for all admin users, all non-admin users, or both.

Once you save the changes, 2-Step Verification will be active the next time a user logs in. Users will be prompted to enter their phone number, and we’ll send them a code (token) to verify they own the number.

Enforcing 2-Step Verification for all users also applies it to future users, without having to enable 2-Step Verification for them manually.

Resetting 2-Step Verification

If an employee changes their phone number, they’ll need to update their 2-Step settings. This can be done by HR and by employees themselves. To do so, go to the employee’s profile, open the Manage dropdown menu, and select Password and Security.

Clicking “Reset 2-Step Verification” will then reset the process, so they can enter their new phone number during the next login.

If the “Reset 2-Step Verification” button is grayed out, it means that the user has not set up their phone number yet, and there is nothing to reset.