Enable and use two-factor authentication (2FA) for your Practice Dashboard
This article explains how to enable two-factor authentication (2FA) for your Practice Dashboard and how to log in to FreeAgent using 2FA. It also explains how to disable 2FA.
2FA is an optional security feature in FreeAgent that keeps your dashboard secure if your login credentials ever fall into the wrong hands. Enabling it can help protect your dashboard from unauthorised access, fraud and abuse.
Once enabled, 2FA works in conjunction with an authenticator app on your iOS or Android device to prompt you to enter a randomly generated verification code - in addition to your regular log in credentials - every time you want to access your Practice Dashboard.
Alternatively, you can set up a new email check which will send a verification code to your email address when you log in to your dashboard using a new device that isn't a known device, or after clearing cookies.
Please note:
- To enable 2FA, you'll need to download an authenticator app first on your iOS or Android device that'll allow you to generate the verification codes you'll need to log in to your FreeAgent account.
- The code will always be generated on an authenticator app and will never be sent via SMS.
If you're unable to log in to your FreeAgent account, please see our troubleshooting steps for login problems.
Enable 2FA
Select 'Settings' from the drop-down menu below your practice name.
Select ‘Sign-in and Security’ under the ‘Account Security’ section.
Select the ‘Set up’ button next to the ‘Authenticator app’ option.
Setting up an authenticator app involves four steps.
1. Download an authenticator app
If you haven't already done so, download an authenticator app on your mobile device and select 'Continue'.
It is essential for you to have downloaded an authenticator app in order to continue this process.
2. Scan the QR code
Use the authenticator app on your device to scan the QR code that appears in the pop-up box and then select 'Continue'.
3. Enter the code
The authenticator app will then generate a 6-digit code. Enter the code in the field provided and select ‘Verify code and continue’.
4. Save the recovery codes
Next, you'll be shown your recovery codes which you should keep saved in case you need them in future. Please note that these codes should not be used each time you log in to your dashboard as they are intended to be used for emergencies such as loss of a device. Instead, you should use a code generated by your authenticator app.
Once 2FA is set up, recovery codes should only be used to get you back into your dashboard if you get a new device, lose access to your device, or delete your authenticator app. Please make sure you print them or save them somewhere safe.
Once you've saved the recovery codes, select 'Confirm and finish' to complete the process.
The 'Authenticator app' option will then show as enabled.
Logging in to your dashboard using 2FA
Once you have successfully set up 2FA, you'll need to use your authenticator app to generate a code each time you log in to your dashboard, even if that device is known.
After entering your usual login credentials, enter your verification code and select 'Log in'.
What to do if you're locked out
If you're unable to access your authenticator app, your recovery codes provide you with another way to log in to your dashboard. Select ‘I want to use a recovery code'.
Find your recovery codes from their secure location, type one of them into the box and select 'Log in'.
Each of your 10 recovery codes can only be used once. If you need to, you can generate a fresh set of recovery codes. Please be aware that when you do this, all your previous recovery codes - including those you’ve not yet used - will become invalid, so remember to print or save your new codes to your secure location.
If you don't have access to the recovery codes or you're the only senior account manager in your practice, please contact our support team by selecting the blue Help button at the bottom of the screen and they'll take you through an identity verification procedure to reinstate your access to your dashboard.
Generating new recovery codes
In the 'Account recovery' section of the 'Sign-in and Security' area, select 'View codes'.
Select ‘Generate new codes’.
Remember to print or save your new codes to a secure location.
Disable 2FA
To disable 2FA, select ‘Disable’ to the right of ‘Authenticator app'.
A pop up window will appear asking if you are sure that you want to disable this authentication. Select ‘Disable’ to complete the process.
You'll then be able to log in to your dashboard with only your email address and password.
Managing 2FA when changing devices
If you're changing mobile devices, you'll need to disable the current 2FA set up using the old device. Then, enable 2FA using the new device.
If you're using a switching service, ensure the authenticator app works on the new device before getting rid of the old device.