May 24, 2018
By MobileUp Software
- If you have any questions about these updates, please contact us at firstname.lastname@example.org.
Security Enhancement: Two-Step Email AuthenticationMobileUp Software has added an enhancement for user authentication by including a two-step process for clients who use (or wish to use) email addresses to verify the credentials of their mobile app users.
This enhancement will be active in all accounts on Thursday, May 31, 2018.
These screens show a sample workflow from your app users’ point of view as they go through the new login procedure. Please read on for more important information about this new functionality.
For clients currently using email addresses for login purposes:
- This update will appear automatically for the mobile users of your app. There is nothing you need to do in your administrator tools to activate it.
- Existing users of your app will remain logged in and can access the app as usual.
- New users (or current users if they manually log out) will be taken through the two-step process when they try to log in to the app.
- The user will enter the current fields required for login, including their email address.
- Once an email address is submitted, a user will receive a code in their inbox.
- The user needs to enter that code into the app in the input field provided.
- If the user doesn’t receive the code, he or she can retry to obtain a new code by tapping the provided link.
- A verification code is valid for 60 minutes and will then expire. Users should request a new code in the app if the one they have arrived more than 60 minutes before they try to use it.
- The login process will reject an incorrect or expired code and allow the user to re-enter the code or request a new one.
- If the code is correct, the login process will verify that the fields entered match a valid user record stored in the system. If successful, the user is logged in. If unsuccessful, the user is notified that the login failed and they can start the process again or contact you for assistance.
- Once a user successfully completes the two-step authorization, they will remain logged in and do not need to repeat the process unless they manually sign out.
- Although the new code will be in place, nothing will change for app administrators or app users. No action is required.
- That said, app administrators should consider using the two-step login process in the future. Here are a few things to know and evaluate before making this change:
- Two-step authentication provides another layer of security for the login process as users must 1) enter an email address in the app and 2) be able to retrieve a valid verification code sent to that inbox.
- Email addresses become the account identifier field instead of the current field (e.g. member numbers, phone numbers, birth dates, etc.) for your app.
- You need to be confident that your school or association has valid email addresses for your users before making this change.
- If interested in changing to two-step authentication using email addresses, please contact us at email@example.com for assistance.