2021-12-08 - New authentication process and multi-factor authentication
We have implemented a new user authentication process that will roll out on December 13, 2021. This process includes new login screens that allow for two different means of authentication:
Entering a username/password combination, or using a login link sent by email;
Entering a second authentication factor, in the form of a temporary one-time code (OTP) generated by an authentication application installed on a mobile device or computer, along with a bank of recovery codes.
We have consolidated the management of security related options in a new Security section, located in the users and organizations profile.
For more information, please refer to the following documentation articles:
Users are now the only ones who can set, manage and reset their passwords
The duration of user sessions has been shortened and sessions automatically expire after a period of inactivity
Users can now manage their own authentication token for APIs
The status of user account security options now appears in the user report
In the coming months, the activation of multi-factor authentication will become more and more strongly suggested, to finally become mandatory for all during the year 2022. In addition, user accounts that have not logged in to the platform will be considered inactive. They will therefore have to be reactivated by an administrator and follow the password reset procedure.
We remind you that good security practices are always strongly recommended:
only one person per user account
a strong and unique password
regular password rotation
use of a password manager
Identification is always done with the username, not the email address associated with the account.