When using a username and password to log into your account, you are only using single-factor authentication. This process is susceptible to security threats because it represents a single piece of information a malicious person requires.
Employment Hero allows you to enable two-factor authentication for your account. Which means you will need two verification steps before you can access your account. The additional step is an authentication code sent as a text message (SMS) or via an authentication app.
Once enabled, your account generates a unique authentication code any time there is a sign-in attempt from an unrecognised device. To sign into your account, it will require you to know both the password and have access to the authentication code sent as a text message (SMS) or via an authentication app.
Important
You can enable mandatory two-factor authentication from your employment settings page. To read further details on how to access this feature, refer to this article.
If one of your employees has trouble accessing their account with Two-Factor Authentication enabled, you can reset their Two-Factor Authentication access via the Security Report feature. To read further information on this feature, refer to the following article.
If you are an account owner, administrator, or user with access to other employees' superannuation/tax information, we require you to enable two-factor authentication to access this information. The reason for this is because of the Australian Tax Office (ATO) updated digital service provider operational framework. You can find more information here.
HR Best Practise
Enabling 2FA delivers an extra layer of protection for your user accounts that will decrease the risk of unauthorised access and platform breaches.
Availability
| HR Plan: | Free | Standard | Premium | Platinum |
| User Access: | Employee | Manager | Admin |
We base the default access level on a per user basis and whether they have view, edit and delete access and excluding any changes made via our Custom Security feature.
Getting started
Important
Users on a standard, premium and/or platinum plan can use two-factor authentication via an authenticator app or SMS. Employment Hero users on a Free plan will only be able to use two-factor authentication via an authentication app.
- Click the User drop-down.
- Click on the Account Settings button.
- Click the Setup button.
- Select the Through an authentication app option.
- Click the Continue button.
- Scan the QR code using your authenticator app.
- Click the Continue button.
- Type the code number from your authentication app into the Text field.
- Click the Continue button.
- Select from the following recovery code options:
- Download.
- Print.
- Copy.
- Click the Done button.
- Click the Yes button.
Important
If you no longer have access to your phone and can not access an authenticator service via text and/or an app, you can use the recovery code to sign in. Please store this code in a safe place.
Important
Employment Hero users on a Standard or Premium plan can use two-factor authentication via an authenticator app or SMS. Employment Hero users on a Free plan will only be able to use Two-Factor Authentication via an authentication app.
- Click the User drop-down.
- Click on the Account Settings button.
- Click the Setup button.
- Select the Through SMS Text Messages option.
- Click the Continue button.
- Select your phone region via the Country drop-down.
- Type your phone number into the Phone Number field.
- Click the Continue button.
- Type the verification code sent via text message into the Verification Code field.
- Click the Continue button.
- Select from the following recovery code options:
- Download.
- Print.
- Copy.
- Click the Done button.
- Click the Yes button.
Important
If you no longer have access to your phone and can not access an authenticator service via text and/or an app, you can use the recovery code to sign in. Please store this code in a safe place.
Editing data
- Click the User drop-down.
- Click on the Account Settings button.
- Click the Edit button.
- Complete the following fields:
- Recovery question.
- Recovery answer.
- Current password.
- Click the Save button.
Removing data
- Click the User drop-down.
- Click on the Account Settings button.
- Click the Disable button.
- Enter your password and click the Continue button.
Further information
If you lose access to your two-factor authentication device, e.g. you lose your phone, you can still log in to your account. When prompted for your authentication code, enter your recovery code shown during the two-factor authentication setup.
Once you have logged in to your account, update your two-factor authentication information.
If you change to a new phone number, you will need to disable two-factor authentication and then re-enable two-factor authentication using your new number.
Rather than having a code sent to you via SMS when you sign in, an authenticator app on your phone can generate a code. You can enter this into Employment Hero the same way as with text codes. Authenticator apps do not have access to your Employment Hero account or your personal/sensitive information.
The below-listed countries support the ability to receive a two-factor authentication code via a text message:
- Australia.
- Aland islands.
- Cocos islands.
- Christmas island.
- Finland.
- Malaysia.
- New Zealand.
- Philippines.
- Singapore.
- Vietnam.
- United Kingdom.
Author recommended
So you have now set up your two-factor authentication and you are now wondering, what next can I do. There are two recommendations I would make on this front and they are:
- Resetting your login password, account unlocking and (2FA) Two Factor Authentication | HR Platform This article covers how you can you reset your log in password if you can not remember your password, how you can unlock your account and also how to reset your two-factor authentication code.
- How do I set my account language | HR FAQ This FAQ covers a common question we receive around how you can set your account language for your Employment Hero HR platform.
Comments
Article is closed for comments.