Clockwork Recruiting Multi-Factor Authentication
What is multi-factor authentication?
Multi-factor authentication (MFA) is a method of account access control that ensures greater security and identity protection. A user will be granted access only after he or she successfully submit multiple pieces of information to
MFA in Clockwork
The Clockwork application uses multi-factor authentication to ensure that your identity and sensitive information stay protected at all times. Upon setup of MFA on a new or existing user account, the application will request your login email and password, and you will then be prompted to scan a QR code into one the various authenticator applications available (see the list below).
Once scanned, the authenticator app will read your QR code and give you a one-time only, super secret access code, which you can then enter into the space provided by the Clockwork application. Entered correctly, the access code will automatically open the Clockwork application.
Note: MFA cookie expiration can vary from a matter of minutes to two weeks.
Once the authenticator application has read your QR code, only that application on that device will be able to supply the correct access code to your account.
MFA Using Authentication Applications
- Log in with your email and password.
- Download or access your preferred authenticator application (see a list of authentication applications, below).
- Scan the QR code onscreen with the authenticator application of your choosing.
- Enter the code provided by your authenticator application after successfully scanning the on-screen code.
- Voila! You are officially authenticated.
There are many free authenticator apps in both Google Play and the App Store. But they’re not the same thing as QR readers — although you will need a QR scanner to make this all work, they are two separate tools. Be sure to select an authenticator app and not just a QR code reader.
Apple App Store: Google Play:
MFA Using Other Methods
Time-based one-time passcodes (TOTP)
TOTP-based two-factor authentication involves generating a temporary, unique passcode that only works for a certain amount of time, typically 30-60 seconds. After generating the passcode, a user must type it in manually to authenticate for access.
- A user logs into a website/application with a username and password.
- A unique one-time code is generated on the server and sent via email to the user.
- The user retrieves the code from the email and enters the code into the app.If it's valid, the user is authenticated and a session is initiated.
For more documentation on TOTP and Email authentication, reference the following: Different Ways to Implement
- If your application can’t read the QR code, try a different authenticator application.
- If the code supplied by your application is not correct, wait for the application to refresh with a new code and enter it again. Also, make sure you’re using the correct code for the account you’re trying to access. You can do this by confirming in your application that the name and login email attached to the code is the same as the login
information you are attempting to use.
- If you’ve tried all that and you’re still having trouble, contact Clockwork support.