Q: What is two-factor authentication?
A: Two-factor authentication (2FA) is an important security measure that provides an added layer of protection, making it harder for bad actors or other unauthorized users to gain access to sensitive information. 2FA is a cybersecurity best practice because it can help protect a user’s personal information and identity, and prevent cybercriminals from stealing, destroying, or accessing your data. 2FA is also known as two-step verification, dual-factor authentication or mult-ifactor authentication.
Q: How does 2FA help keep me secure?
A: 2FA helps with security in many ways, some of which include:
- Protection against password theft: If a password is hacked, guessed, or phished; without approval at the second factor, a password alone won’t allow a bad actor entry.
- Prevents unauthorized access: 2FA makes it harder for attackers to gain access to your devices or online accounts.
- Protection against fraud: Because 2FA requires a second form of authentication that is uniquely in your possesion–for example, a one-time security code sent to your mobile phone–the likelihood of unauthorized access to your account is greatly reduced. Research by Microsoft says 2FA can prevent up to 99.9% of attacks on your accounts.
Q: Can I turn 2FA off?
A: No. 2FA is a cybersecurity best practice and MineralTree customers handle sensitive financial data, so we consider 2FA a must-have security element. 2FA provides an added layer of protection to your account, making it harder for bad actors or other unauthorized users to gain access to sensitive information.
Effective Wednesday, October 16, 2024, it is a mandatory requirement in the platform for all Accounting Managers.
Q: Why are you doing this now?
A: October is Cybersecurity Awareness Month, which means it’s the perfect time to review our customers’ security practices and offer improvements to your security. 75% of MineralTree customers have already enabled 2FA, and 57% of businesses globally use a form of 2FA. 2FA is an easy step to add powerful security features to your account.
Q: What do I need to do for 2FA with MineralTree?
A: You will need to make sure your mobile phone number is up-to-date in your account setting prior to the close of business on Tuesday, October 15. Follow the instructions here to confirm your phone number is accurate.
Beginning on Wednesday, October 16, when you enter your user name and password into your MineralTree application, MineralTree’s 2FA process will send a push notification with a one-time security code to your phone for login authentication. After you receive the one-time security code on your phone, you will enter your code in the MineralTree platform as a second form of authentication. After you enter the one-time security code and verify you are the account owner, you will log in and access your account as usual.
*Please note that without an accurate phone number in your account settings, you will not be able to receive a one-time security code to login. If you have trouble logging in, please contact customersuccess@mineraltree.com.
Q: How does 2FA with MineralTree work?
A: The process works like this:
- You (the user) logs in to your MineralTree account and enters your username and password.
- Pro Tip: for added ease and security, make sure to bookmark your MineralTree login page
- MineralTree’s server will see that your username and password match our records.
- You are then prompted to enter a one-time security code as a second form of authentication. For your 2FA with MineralTree, a one-time security code will be sent to your mobile device.
- You must enter your one-time security code to verify you are the account owner, and then you log in and access your account.
Q: What’s the downside of 2FA?
A: There is no downside to 2FA. While it does add a few seconds at the login–because you will need to receive and enter a security code into your account–the additional security measures it provides far outweigh the time added to the login experience.
Q: How often will I need to use 2FA?
A: MineralTree instances are set to automatically logout after 15 minutes of inactivity. This is another security measure that can help prevent your account from unauthorized access. If you are automatically logged out or if you intentionally logout, you will be required to use 2FA to log back into your account.
Q: Is 2FA a new feature in MineralTree?
A: No. 2FA has always been an option in MineralTree. Prior to Wednesday, October 16, 2024, 2FA was an option at the discretion of the customer Admin. As part of our ongoing commitment to help keep your MineralTree account as secure as possible, effective Wednesday, October 16, 2024, 2FA is now a mandatory requirement for all Accounting Managers.
Q: I prefer not to receive business-related texts on my mobile device. Is there another option?
A: Yes. You can use an authenticator application. An authenticator application is installed on a smartphone and generates a 6-digit code every 30 seconds. The codes are generated from a secret key that is shared between MineralTree and your device. An authenticator app is not tied to your phone number or SIM in any way. MineralTree recommends downloading Google Authenticator or Authy from your smartphone's app store. Please note that the authenticator app is only used for accounting managers at this time and only for logging in - not payment release. You can read more about the authentication application option here.