Skip to main content

Two-step authentication (2FA)

Overview

Safeguarding your account is our top priority. To protect your brokerage and client data, we are requiring two-factor authentication (2FA) for all users. This added layer of security ensures that even if your password is compromised, your account remains protected.

Setting up 2FA is a simple process, and we've outlined the steps below to guide you through it.

What is Two-step authentication?

Two-step authentication (2FA) is an extra layer of security for your BoldTrail BackOffice account. This security measure ensures that you're the only one who can access your account, better protecting both your brokerage and your client's private information.

Instead of only entering a password to log in, you'll also enter a one-time code. You can get this code from an authenticator app on your phone, or by SMS or voice call.

How to set up Two-step authentication (2FA)?

When you set up 2FA, you'll see two options: Authenticator app (recommended) and Phone. Choose one and follow the steps below. If you pick the wrong one, you can always go back to the previous step.

Set up with an authenticator app (recommended)

  1. On the "Secure your account" screen, select Authenticator app, then click Setup authenticator app.

  2. On your phone, open an authenticator app such as Google Authenticator or Authy.

  3. In the app, add a new account and scan the QR code shown on screen.

  4. The app shows a 6-digit code that changes every 30 seconds. Type the current code into the Code field and click Verify.

  5. You're all set. Open your app to get a code each time you sign in.

Set up by phone (SMS or voice call)

  1. On the "Secure your account" screen, select Phone.

  2. Enter your mobile number and choose whether to get the code by SMS or voice call.

Enter the verification code you receive and click Verify. You're all set!

If you check Remember me during login:

  • The system will remember your device for 10 days.

  • During those 10 days, you won’t need to enter your email/password and 2FA code again when logging in from the same device and browser.

If you log out manually, clear your browser cookies, or if your session expires, BoldTrail BackOffice will ask you for 2FA again - even if it’s been less than 10 days. The 10-day “remember me” applies only while your login session remains active.

When are users prompted to enter their 2FA credentials?

When 2FA is enabled, users are required to enter 2FA credentials each time a username/password login is necessary. This includes instances such as initial log-in, logging in from a new device, after signing out, or when the browser cache has been cleared.

By enabling the "Remember me" option during login, users can reduce the frequency of prompts on trusted devices.

Additionally, if your browser session is interrupted or dropped due to minimization or suspension, or if the session is interrupted unexpectedly, you may also be prompted to re-enter your 2FA credentials.

In accounts with Payments enabled, users will be prompted to re-enter a 2FA code every 60 minutes while performing higher-risk actions, even on remembered devices. These actions include:

  • Paying an agent (Admins)

  • Invoicing an agent (Admins)

  • Changing the bank account linked to their brokerage account (Admins)

  • Changing the bank account linked to their user account (Users)

  • Changing email address (All)

  • Changing password (All)

How to recover access to my account?

Contact your Brokerage Admin to reset your two-step authentication. Admins can do this from Users > (select user) > Reset > Two-step authentication. You'll be prompted to set up two-step authentication again the next time you sign in. You can choose an authenticator app or phone.

How to reset 2FA for a user?

If a user has lost access to their device and cannot log in to the system, we allow admins to reset the Two-step authentication method and prompt the user to set a new 2FA method — whether an authenticator app or phone.

To reset two-step authentication for a specific user, follow the steps below:

  1. Go to Users > (select user) > Reset

  2. In a dropdown menu, select Two-step authentication

  3. Confirm your action by clicking Yes, reset

Next time the user logs in, the system will prompt them to set up two-step authentication again (authenticator app or phone) before they can sign in.

Why am I not receiving SMS messages?

  • Carrier or network delays: Mobile carriers or network congestion can delay SMS messages, sometimes by several minutes. If you experience this issue, wait a few minutes and check again.

  • Account settings or server issues: Sometimes, there may be a glitch in the SMS configuration related to two-factor authentication.

Step-by-Step Troubleshooting for SMS Issues

  1. Retry SMS Verification: Start by requesting the SMS code again. Ensure your phone can receive SMS messages and has a good signal.

  2. Switch to the 'Call Me' Option: If SMS codes do not arrive, use the 'Call Me' option for verification. You will receive a voice call with the code. Additionally, selecting the 'Call Me' method can sometimes reset your SMS authentication settings, allowing SMS to work correctly on future login attempts.

  3. Contact Your Mobile Carrier: If delays persist, contact your mobile carrier to ensure there are no issues with SMS delivery to your number. Verify that your phone plan supports international SMS if applicable.

  • Make sure your device can receive short messages and check that the number 22395 is not on your blocked list.

  • If you're traveling internationally, you may encounter issues receiving SMS for two-factor authentication (2FA). Before your trip, contact your carrier to verify you can receive SMS messages while abroad.

SMS and voice delivery for 2FA is handled through Twilio. Most countries are supported, but a few regions - including some French overseas territories (e.g. French Caribbean: Guadeloupe, Martinique, etc.) - are not currently deliverable. If you're unsure whether your number's region is supported, check Twilio's coverage here: SMS pricing & coverage by country and Voice pricing & coverage.

Numbers must be entered in full international format, including the country/region code. A local-only number (e.g. 9 digits with no country code) will not work.

Frequently Asked Questions

Do all users need 2FA or just certain roles?
All users (admins, agents, TCs, everyone else) must use 2FA when signing in to BoldTrail BackOffice.

How often will I be prompted for 2FA?
On login, unless you’re on a remembered device (remembered for 10 days). If your brokerage has Payments enabled, you’ll be asked to re-enter a code every 60 minutes while performing higher-risk actions (like paying/invoicing agents, changing bank info, email, or password).

What if my device is lost, stolen, or unavailable?
Contact your Brokerage Admin. Admins can reset your 2FA from Users > (select user) > Reset > Two-step authentication. You'll be prompted to set up 2FA again (authenticator app or phone).

Can multiple people share the same login?
For security reasons, account sharing is not recommended. Each user should have their own login credentials and 2FA setup. Sharing logins can result in login failures and security risks.

Why can’t I disable 2FA?
2FA is required for all accounts and cannot be turned off. If you're locked out, your Brokerage Admin can reset your 2FA so you can set it up again (authenticator app or phone) the next time you sign in.

What if my country or region isn't supported by 2FA?

Authenticator apps work anywhere and don't rely on SMS or voice coverage, so this is your best option if your region isn't supported. SMS and voice delivery depend on our provider's coverage. If you'd rather use phone and your region isn't supported, you'll need a number from a supported country. Contact your Brokerage Admin if you need help.

Are there exceptions for MLS or other systems that don’t require 2FA?
No. 2FA is a BoldTrail BackOffice requirement to protect client and transaction data.

How do new users set up 2FA?
Add them as usual. On their first login, they'll choose an authenticator app or phone and follow the steps to set it up.

How do I reset a user's 2FA?

From the Users page, select the user you want to update and click Reset > Two-step authentication.

Authenticator app: code not working

The code changes every 30 seconds. Make sure you enter the code that's showing right now. If your codes keep getting rejected, your phone's clock may be off. Turn on automatic date and time in your phone settings, then try again.

Which authenticator apps can I use?

Any standard authenticator app works. Common ones are Google Authenticator and Authy.

What if I lose access to my authenticator app?

It's the same as losing your phone. Ask your Brokerage Admin to reset your two-step authentication, then set it up again the next time you sign in.

Can I switch between an authenticator app and phone?

You can switch during setup using "Wrong choice? Go back to the previous step." To switch later, ask your Brokerage Admin to reset your 2FA, then choose the other method the next time you sign in.

Related Articles
Checklist templates
Personal and Company Reports
Release Notes
Collecting Agent Outstanding Balance
A Day in the Life of an Admin [Canada]
Did this answer your question?