Two-Factor Authentication, simplified – 2FA, refers to a login process that consists of two parts. In addition to specifying a password, for 2FA an additional identification is required. We support 2FA with a verification code sent by e-mail or SMS, a token that can be generated by a so-called Soft Token app or a trusted IP address. In the latter, it is possible that if the IP address is not trusted, one of the other identification methods is required.
2FA is disabled by default. It can be activated by the supervisor under ‘Account details’, ‘Security’ tab. Once activated it is active for all users unless you disable this 2FA for a specific user.
Another way to further secure your login process is to use the general Ip restriction, outside the 2FA. This will require anyone to always login from a particular IP address. This way you can make sure your Formdesk account is accessible only from certain home addresses, offices and headquarters. If, in addition to the general IP restriction, you enable 2FA your Formdesk account is only accessible with a password, followed by a 2nd identification method AND only from a particular IP address.
Visitors of a login form
Maybe you have forms setup in a way that the visitor must login or register to your form because you enabled the option ‘Visitor must be able to maintain their entries’. In this new release, when viewing the results you can see and modify the visitor information by clicking on the name of the visitor. The visitor’s password is visible in the download and generated by the system code [_fd_password] for different applications. But as soon as the password is registered or modified by the visitor it is no long retrievable because it will be encrypted by ‘one-way hashing’. You will then no longer see the password but ‘** by visitor **’ instead.