Your business needs to know the basics of staying secure online. Avoid reusing passwords and always be on the lookout for sketchy emails. Good work! Now, take your team security practices to the next level.
Keep your dashboard account extra-safe by adding an additional level of verification after entering your password—multi-factor authentication (MFA). The purpose of multi-factor authentication is to reduce the value of a stolen or guessed password, forcing each user to prove they are who they claim to be.
There are two options for universal MFA within your dashboard account.
- Receive a security code via email to verify your login (this option is enabled by default).
- Generate a security code through a third-party app on your phone, tablet or computer (device support depends on the app you use).
MFA is enabled at the individual account level, so each team member can choose what’s best for them. Encourage your team members to enable MFA for their individual accounts. MFA is a simple tool for helping your business stay safe online and can secure your dashboard.
MFA will be a requirement for all dashboard users later this year.
Prepare Your Team for Universal Multi-Factor Authentication
Is your team ready to make the leap as the login process evolves? This checklist will ensure you are using best practices for dashboard access.
Visit the Team page in the dashboard and review these items.
Note: You’ll need account owner access or edit access to the Team page to manage the following items:
- Confirm that each team member has their own account.
- Friendly reminder: don’t share passwords. By creating unique accounts for each team member, you can set up permissions to allow access to all areas of the dashboard, or you can configure custom permissions. This guide explains how to create individual logins and choose precise permissions.
- Ensure that email addresses for each account are up-to-date.
- If a team member’s email has changed, you should deactivate their old account and create a new one.
- If the account owner’s email address needs to be updated, you should contact your Dwolla Account Manager. Your account owner will need to verify their identity to update this information.
- Deactivate old accounts.
- If someone has left your company or moved to a different role, you should deactivate their account so they no longer have dashboard access.
- Delete expired invitations.
- You can quickly remove old dashboard access invitations.
Set Up Third-Party App Authentication
Email authentication is used by default to verify your dashboard login. Enhance your security even further by using a third-party soft-token app such as Google Authenticator or LastPass Authenticator on your phone, tablet or computer (device support depends on the app you use) as your second-factor. The term “soft token” is used to describe the fact that the authentication token, or code is generated by software.
Follow these steps to change your authentication method to a third party app:
- Click your name in the upper right corner of the dashboard. Choose Security from the dropdown menu.
- On the Universal Multi-Factor Authentication card, click Change MFA Method.
- A new tab or window will open to enable two-factor authentication. Enter your password to continue.
- The next screen will prompt you to choose an authentication method. Select Use a third-party app. Hit Next to continue.
- Open your third-party app and follow the directions on screen to link the app to your Dwolla account.
- Enter the six-digit code generated by the device into the appropriate field and click Enable two-factor authentication.
- A confirmation message will load. You can close this tab or window and return to the dashboard. Refresh the Security page to see your changes.
Note: If you replace your phone, tablet or computer that handles third-party app authentication, follow the app’s instructions for how to configure the application on a new device. To ensure a seamless account login process during this time, it is recommended that you switch to email authentication prior to changing your device.
With the right planning, transitioning to multi-factor authentication can be a simple process for your team.
Use this checklist to start the conversation with your team and get rolling. Ultimately, ensuring that only authorized individuals have access to your Dwolla Dashboard equals better security for your transactions and customer information.