What is two-factor authentication?
Everlaw’s two-factor authentication increases the security of your account by requiring a second form of authentication - access to your email or mobile device - when logging in. This can prevent unauthorized access to your account by individuals who may steal or guess your password.
Turning on two-factor authentication case-wide
By default, individual users can choose whether or not they want to enable two-factor authentication for their account. However, case admins can turn on two-factor authentication case-wide, which will force all users on the case to go through the additional authentication step even if they did not enable it for their account. To enable two-factor authentication case-wide, navigate to the "general" section in the case settings page, and turn "MFA" on.
Enabling or disabling two-factor authentication as a user
The user profile page contains a section labeled “Security & Authentication” where you can enable or disable two-factor authentication. The profile page can be accessed by clicking on your username in the right of the navigation bar.
Note that if two-factor authentication is enabled case-wide, you will need to perform the additional authentication step even if you did not turn it on for your account.
Using two-factor authentication
If two-factor authentication is enabled, every time you log in, you will be prompted to enter an authentication code that will be emailed to you. The code is valid for ten minutes after it is sent. If needed, you can click the “Email a new code” link on the login page to send a new authentication code to your email.
If you check the "Remember this computer" box on the log in screen, Everlaw will remember your computer or tablet for thirty days. During these thirty days, you will not need to re-authenticate when logging in with the same device. This does not work if you disable cookies or clear your cookie history.
As an alternative to email authentication, you can add an authentication device, like a smartphone or tablet. To add an authentication device, click the green plus icon by the authentication device option in the user profile page. A screen will pop up displaying instructions on how to install the Google Authenticator app (on iOS or Android) which you will use to register your device. After you register your device, you can use the codes it generates for authentication when logging in. If you would like to remove your device, click on the “Delete this device” icon. If you don’t have your device when logging in, you can click the “Email a new code” link on the login page to send an authentication code to your email.
On the user profile page you can also see a list of trusted sessions. You can use this to audit when and where your account was accessed. You can delete your history of trusted sessions by clicking the trashcan icon next to the "trusted sessions" header.