Implementing Two-Factor Authentication (2FA)
*This article only applies to the Law Ruler & Tabs3 version of Legal CRM*
🔒 Two-factor authentication (2FA) is a specific type of multi-factor authentication (MFA) that strengthens access security by requiring two methods (also referred to as authentication factors) to verify the identity of each user who logs into Legal CRM. 2FA is highly recommended for all Legal CRM customers. With phishing, spyware, viruses, and other malware scams on the rise, the more security, the better. Logins protected only by an email and password are considered safer with 2FA enabled.
Protect your client data with this additional security measure and enable 2FA in your system today!
After enabling Two-Factor Authentication (2FA) in your system, all users will be required to enter a six-digit SMS text message code to log into the system.
How to Activate Two-Factor Authentication (2FA) via SMS Text Message in Legal CRM
- Click on Setup > Security Settings
⚠️ You must be a user with admin access to open the Setup menu and edit 2FA settings. Please ask your firm administrator or IT department if you would like this activated for your firm.
- Navigate to the Two-Factor Authentication (2FA) Settings option
- Mobile numbers will be required for all users to enable 2FA.
⚠️ Please note: Before activating 2FA, it is highly recommended to collect a list of mobile numbers for your users and update them all inside of Setup > Manage Users first. Otherwise, an unauthorized party that has user logins and passwords could enter their own mobile number and lock out a customer's authorized users. It is best if an administrator who knows the users is the one who adds mobile numbers for ALL users before enabling this feature.
💡 It is considered more secure for a member of your firm who is familiar with all staff and their mobile numbers to perform this setup action before activating 2FA.
- Click the switch to the "On" position to activate Two-Factor Authentication (2FA). Once enabled, you will see a green confirmation message display in the lower right-hand corner.
- A six-digit security code will be sent to a user at the time of login.
- This code is required to log in to the system after 2FA is enabled.
- Entering this code incorrectly three times will result in the user account being locked.
- Only an administrative user at the firm may unlock the account.
- Legal CRM Support cannot unlock user accounts for the firm, so please contact your firm administrator if this occurs.
Important Information About Our 2FA
- 2FA must be enabled for an entire portal system and not per user. If you feel that this additional security measure is needed for your users, then turn it on.
- Once 2FA is enabled, it becomes required for all users as a security policy for your entire firm. If someone does not own a mobile phone, then consider setting up a third-party online texting service such as WhatsApp, etc., so they are able to use this security feature. International numbers are not accepted for 2FA due to security reasons. Only numbers in the U.S. and Canada are allowed.
- Each additional device that is used to log in to Legal CRM will require 2FA.
- Every 30 to 45 days after a user enters a 2FA code, every device they have used to log in to the system will be required to enter a new SMS code.
📵 If a user does not have a mobile number in Legal CRM, the system will prompt that user to enter their mobile number one time, at login, during first use. As a reminder, international numbers are not accepted for 2FA due to security reasons. Only numbers in the U.S. and Canada are allowed.
Here is why: Outside of Legal CRM or other apps, an unauthorized party could potentially compromise a law firm computer and steal passwords. 2FA is a great tool for adding security, but it is only as useful as how it is implemented. If you did not enter your staff's mobile numbers ahead of time, that same unauthorized party could potentially enter their own mobile phone number for your user without the user knowing. With that said, how this feature is implemented is up to each firm, not Legal CRM.
P.S. In the future, Legal CRM will also be offering 2FA through an authenticator app, but that secondary verification feature is not currently available at the time of writing this support article.
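One way to run the pre-enablement check recommended above, as an added example that is not part of the original article or Legal CRM's own tooling: it audits a user list for missing, unusable, or shared mobile numbers before 2FA is switched on. The CSV layout, column names, and sample rows are constructed assumptions; the article does not describe an export format.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed sample user list; the "username" and "mobile" columns are assumed.
SAMPLE_CSV = """username,mobile
asmith,(555) 234-5678
bjones,
cdavis,+44 20 7946 0958
dlee,+1 555-234-5678
ekim,555.867.5309
"""

def normalize(raw):
    """Return the 10-digit national number, or None if it is not +1-shaped."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    # In the +1 numbering plan, area code and exchange both start with 2-9.
    # This is a shape check only: other countries share +1, so it cannot
    # confirm that a number is specifically in the U.S. or Canada.
    if re.fullmatch(r"[2-9]\d{2}[2-9]\d{6}", digits):
        return digits
    return None

def audit(csv_text):
    """Group users by the problem an administrator should fix before enabling 2FA."""
    findings = {"missing": [], "invalid": [], "shared": {}}
    seen = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["username"].strip()
        raw = (row["mobile"] or "").strip()
        if not raw:
            # No number on file: this user would be prompted at first login,
            # which is the enrollment gap the article warns about.
            findings["missing"].append(user)
            continue
        number = normalize(raw)
        if number is None:
            findings["invalid"].append(user)
        else:
            seen[number].append(user)
    # One phone on several accounts deserves a manual look by the administrator.
    findings["shared"] = {n: u for n, u in seen.items() if len(u) > 1}
    return findings

if __name__ == "__main__":
    for kind, hits in audit(SAMPLE_CSV).items():
        print(kind, hits)
```

An empty result in all three groups means every account already has an administrator-entered number, so no user will be asked to supply one at first login.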
Why Is My Account Locked?
⚠️ If there are too many failed attempts when entering your verification code, your account will be locked. To have your account unlocked, please contact your support team.