When an administrator creates an account for you, an email message is sent to your email address. The message contains the following information:
- Your login. This is the user name that you use to log in. Your login is also shown on the account activation page.
- Activate account button. Click the button and set the password for your account. Ensure that your password is at least nine characters long. For more information about the password, refer to Password requirements.
If your administrator has enabled two-factor authentication, you will be prompted to set it up for your account. For more information about it, refer to Two-factor authentication.
The password for a user account must be at least 9 characters long. Passwords are also checked for complexity, and fall into one of the following categories:
You cannot save a weak password, even though it might contain 9 characters or more. Passwords that repeat the user name, the login, the user email, or the name of the tenant to which a user account belongs are always considered weak. Most common passwords are also considered weak.
To strengthen a password, add more characters to it. Using different types of characters, such as digits, uppercase and lowercase letters, and special characters, is not mandatory but it results in stronger passwords that are also shorter.
Two-factor authentication provides extra protection from unauthorized access to your account. When two-factor authentication is set up, you are required to enter your password (the first factor) and a one-time code (the second factor) to log in to the service console. The one-time code is generated by a special application that must be installed on your mobile phone or another device that belongs to you. Even if someone finds out your login and password, they still will not be able to login without access to your second-factor device.
The one-time code to configure two-factor authentication for your account is generated based on the device's current time and the secret provided by the Cyber Protection service as the QR code or alphanumeric code. During the first login, you need to enter this secret to the authentication application.
To set up two-factor authentication for your account
You can and must configure two-factor authentication for your account when two-factor authentication has been enabled by an administrator for your organization. If two-factor authentication has been enabled while you are logged in to the Cyber Protection service console, you will have to configure it when your current session expires.
- Two-factor authentication is enabled for your organization.
- You are logged out of the Cyber Protection service console.
- Choose a second-factor device.
Most commonly it is a mobile phone, but you can also use a tablet, laptop, or desktop.
- Ensure that the device time settings are correct and reflect the actual current time, and that the device locks itself after a period of inactivity.
- Install the authentication application on the device. The recommended applications are Google Authenticator or Microsoft Authenticator.
- Go to the Cyber Protection service console sign in page and set your password.
The service console shows the QR code and the alphanumeric code.
- Save the QR code and the alphanumeric code in any convenient way (such as, print out the screen, write down the code, or save the screenshot in cloud storage). If you lose the second-factor device, you will be able to reset the two-factor authentication by using these codes.
- Open the authentication application, and then do one of the following:
- Scan the QR code
- Manually enter the alphanumeric code to the application
The authentication application generates a one-time code. A new code will be generated every 30 seconds.
- Return to the service console login page and enter the generated code.
A one-time code is valid for 30 seconds. If you wait longer than 30 seconds, use the next generated code.
When logging in the next time, you can select the checkbox Trust this browser…. If you do this, the one-time code will not be required when you log in by using this browser on this machine.
What if I lost the second-factor device?
If you have a trusted browser, you will be able to log in by using this browser. Nevertheless, when you have a new device, repeat steps 1-3 and 6-7 of the above procedure by using the new device and the saved QR code or alphanumeric code.
If you have not saved the code, ask the administrator or service provider to reset the two-factor authentication for your account, and then repeat steps 1-3 and 6-7 of the above procedure by using the new device.
What if I want to change the second-factor device?
When logging in, click the Reset two-factor authentication settings link, confirm the operation by entering the one-time code, and then repeat the above procedure by using the new device.