Skip to main content
All CollectionsAgentsGetting Started
Two-step authentication (2FA) for Admins
Two-step authentication (2FA) for Admins
Updated over 3 months ago

Overview

Safeguarding your account is our top priority. That's why we strongly recommend enabling two-factor authentication (2FA) upon login. This additional layer of security ensures that only you can access your account, even if your password is compromised.

Setting up 2FA is a simple process, and we've outlined the steps below to guide you through it. Enabling this feature is a proactive measure that significantly enhances the protection of your sensitive information and gives you peace of mind knowing your account is secure.

To prevent account problems, avoid sharing logins within the team and stick to using one phone number per account.

What is Two-step authentication?

Two-step authentication (2FA) is an extra layer of security for your BoldTrail BackOffice account. This security measure ensures that you're the only one who can access your account, better protecting both your brokerage and your client's private information. Instead of only entering a password to log in, you’ll also enter an authentication code received via SMS or phone call on your device.

When is Two-step authentication mandatory?

For customers utilizing BoldTrail BackOffice partner services, such as Payload or Braintree, 2FA is automatically enabled. This ensures an extra layer of security for transactions involving payments.

How do admins enable Two-step authentication?

  1. Navigate to the Company page under the SETTINGS section

  2. Under the TWO-STEP AUTHENTICATION section, click the toggle to enable 2FA.

  3. Before enabling, you will be prompted to confirm that the new login requirement has been communicated to users.

What will happen when I enable Two-step authentication?

Enabling Two-step authentication for your account is a significant security enhancement. Once activated, all users will be logged out of their accounts as a security precaution. They will then receive prompts to set up 2FA on their devices.

We recommend informing your users in advance of this change to prevent any confusion and ensure a smooth transition.

This added layer of protection ensures that only authorized individuals can access their accounts. ​

How do users set up Two-step authentication?

Please note that one number can be reused multiple times for different users.

  1. When prompted, they enter a mobile phone number and select whether they want to get the code via SMS or voice message.

  2. Next, they enter a verification code and click Confirm.

  3. All set! They've secured their account with Two-step authentication. Each time a user log in to BoldTrail BackOffice, they will be prompted to enter a unique token sent to their mobile phone number.

After successful login, the system will remember their device for the next 10 days.

When are users prompted to enter their 2FA credentials?

When 2FA is enabled, users are required to enter 2FA credentials each time a username/password login is necessary. This includes instances such as initial log-in, logging in from a new device, after signing out, or when the browser cache has been cleared.

Furthermore, users with Payments enabled accounts will be prompted to enter 2FA credentials every 60 minutes, regardless of activity, when engaging in actions associated with higher fraud risk. These actions include:

  • Paying an agent (Admins)

  • Invoicing an agent (Admins)

  • Changing the bank account linked to their brokerage account (Admins)

  • Changing the bank account linked to their user account (Users)

  • Changing email address (All)

  • Changing password (All)

How do users recover access to their accounts? What if I they access to their device or need to reset their phone number?

If a user has lost access to their device and cannot log in to the system, we allow admins to reset the Two-step authentication method and prompt the user to set up a new phone number upon the next login.

To change the existing Two-step authentication (2FA) number for a specific user, please follow the instructions below:

  1. Go to Users > (select user) > Reset

  2. In an opened dropdown, select Two-step authentication and click Yes, reset

Next time the user logs in, the system will prompt them to set up the new phone number again and they will proceed with logging in via two-factor authentication.

How do admins recover access to their account?

Admins should contact BoldTrail BackOffice Support for assistance in recovering their account.

How can I troubleshoot issues with not receiving SMS messages?

The two most common causes of not receiving SMS messages include:

  • Blocked Short Messages: Make sure your device can receive short messages and check that the number 22395 is not on your blocked list.

  • International Travel Complications: If you're traveling internationally, you may encounter issues receiving SMS for two-factor authentication (2FA). Before your trip, contact your carrier to verify you can receive SMS messages while abroad. Alternatively, ensure at least two individuals have admin capabilities to handle 2FA resets and sensitive actions in your absence. For security reasons, our support desk cannot reset 2FA on your behalf.

If the issue persists, contact your carrier.


Did this answer your question?