Two-Step Verification to prevent unauthorised access

Featured
Follow
Pallabi Patnaik
  • Edited

Dear Users,

We, finally, have one of our most awaited features available on production now. We know this is about time and appreciate your patience.

Two Step Verification (2SV) a.k.a. Two Factor Authentication is now available as a user-level setting for enrolment by choice. 

  • Enabling 2SV will need setting up a two factor authenticator app (eg. Google Authenticator, Microsoft Authenticator etc.) with Podio. You can add an account on your authenticator app by scanning the QR code or entering the text code on your Podio screen as shown below.

  • Once the authenticator app is set up, you will be provided with a list of 10 recovery codes
    • These recovery codes will serve as backup security codes in case the authenticator app does not work or is unavailable while logging into Podio
    • This set of recovery codes cannot be accessed later, so you will need to copy / download these codes and save them securely so that they can be used to access Podio when required.
    • 2SV can be enabled for you only after the recovery codes have been copied/downloaded

  • Once 2SV is enabled, while logging into Podio,
    • You will see an additional step to enter verification code, both on web and mobile.
    • If authenticator app is unavailable, you can choose to verify using a recovery code for logging into Podio

Key points to note on RECOVERY CODE usage:

  • Ensure you save your recovery codes in a safe yet accessible location.
  • No backup for backup codes: There is currently no easy backup way for you to log into Podio if you lose both your authenticator app as well as your recovery codes. 
  • Recovery codes cannot be accessed later. So if you misplace your set of recovery codes, you should generate a fresh set of recovery codes and keep them handy.
  • Every recovery code is designed for a one-time use only. You need to keep track of recovery codes being used so that you can generate a fresh set of recovery codes when needed.
  • For generating a fresh set of recovery codes, you should disable and enable 2SV again.

Details about 2SV for Podio have been updated in our help centre: Two-Step Verification

Please reach out to our team here incase of any further queries.

//Pallabi - Podio Product Manager

 

6

Comments

11 comments

Date Votes
  • Matthew Byrne

    This is fantastic news!  Thanks!

    2
    Comment actions Permalink
  • Bill Carovano

    This is great!  I've been using 2FA in beta for a few months now and am really excited about this enhancement to the security of my Podio account.

    1
    Comment actions Permalink
  • Joel Ordesky (Private Guru)

    Much anticipated and appreciated!

    The beta of this worked flawlessly so existing customers should be able to move forward with confidence in using it. 

    Google Authenticator works well with it as does 1password's new 2FA support. 

    Thanks to the Dev team for pushing to get this function live!

    1
    Comment actions Permalink
  • David Fraters

    great, can this be implemented organisation wide? 

    1
    Comment actions Permalink
  • FSP Administrator

    Hi. Is the 2FA on per user account basis. or can it be set as requirement for all members(and or guests) in an organisation?

    0
    Comment actions Permalink
  • Marc Decroos

    And what is the logic behind the expiry ? I can continu without 2FA for days if I remain on the same computer/same account but I had already also the case that in the middle of Podio activity I'm thrown out and had to log in again with 2FA. What makes this happen ?

     

    0
    Comment actions Permalink
  • Joel Ordesky

    Marc: the spontaneous logout is a known bug and is being worked on. 

    Admin & David: There is a feature request for organization-wide enforcement of 2FA.

     

     

     

     

    0
    Comment actions Permalink
  • System Admin

    It all appears a bit odd now as it asks at Podio login for the type of 2FA (extra screen) but this is already defined in the Sharefile account that has unified login? Did someone miss checking this. Just gets in the way for our users as it worked just fine before logging in via Sharefile credentials which had 2FA. Does this need to be checked out?

    0
    Comment actions Permalink
  • Khang Nguyen
    • Edited

    Hi, I recently activated 2SV. I'd like to know how many days while using the same machine until I am asked to enter the 2SV code again?

    I understand I will be asked for 2SV code after I log out and re-log back in. But what if I don't ever log out, how many days before I am automatically logged out or asked to re-enter 2SV code?

    Other systems has the option to not check 2SV for 30 days.

    0
    Comment actions Permalink
  • Pallabi Patnaik

    Thanks for the appreciation and sharing your beta experience Bill Carovano and Joel Ordesky (Private Guru). Also thanks for responding to customers' queries in the meanwhile.

    Khang Nguyen Time based auto logout is not supported currently. So if you are using the same machine, you will asked to enter the 2SV code only when you log out and log back in. 

    System Admin If your users are logging in via ShareFile credentials, they can continue to do so. This 2SV feature is targeted at users who are logging into Podio using Podio username password (not any other form of SSO).

    And yes, as Joel mentioned above, organisation wide (employees / externals / both) 2SV enforcement is a roadmap item we have already noted as a feature request.

    /Pallabi - Podio

    0
    Comment actions Permalink
  • Shenaaz Hoosein
    • Edited

    I accidently deleted one of our work accounts from the Authenticator App and now when we try to log into Podio under this account it asks for the code which I cannot access and do not have any back up codes for this account!  Please help?

    -1
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post
Powered by Zendesk