Use 2-Step Verification

2-Step Verification (2SV) adds enhanced security to your CCH iFirm site. It is a method of confirming your identity. You are granted access to CCH iFirm only after successfully presenting an additional piece of evidence to your password, such as a security number received by email or a code generated by a smart phone application like Google Authenticator.

If you use the Client Portal module, your portal subscribers will be required to use 2-Step Verification when they log in to their portals.

You are required to register for 2-Step Verification on every device (computer, tablet, iPad and so on) and browser that you use. When you log in to CCH iFirm from a specific device and browser, you will see the 2-Step Verification page. If you log in to CCH iFirm using a different device, or the same device but a different browser, you will need to register once again.

  1. On the Multi-Factor Authentication page, select your preferred option for receiving the authentication code: Google Authenticator, e-mail, or text message.
  2. Click Proceed, then follow the steps below, depending on the authentication option you chose.

You can register your mobile device using Google Authenticator by logging into the application and accessing your user settings to configure the site’s QR code.

  1. Install the Google Authenticator app on your mobile phone, from either the Android Play Store or Apple Store.
  2. Once installed, open the Google Authenticator app on your mobile device.
  3. Log into the CCH iFirm site using the E-mail to or Text message to option.
  4. Go to SettingsUsers and select the user. In the Edit User page, click the Multi-Factor Authentication tab and , in the Google Authenticator App section, click the Setup button. Follow the steps to add Google as an authentication option.
  5. On your mobile device, tap the Begin Setup button, then tap the Scan barcode link.
  6. Next time you log in to your CCH iFirm site and reach the Multi-Factor Authentication page, select the Google Authenticator option and click Proceed. Then, in the Authentication code box, enter the code generated by the app on your mobile device.
  7. Click Submit.

Once registered, the next time you use that device and/or browser, you will not need to scan the QR code. You will only need to enter the code from your phone into CCH iFirm. The code will be different each time. If you select the Remember me check box, you will not have to enter a code for the next 90 days.

The Remember me feature should not be selected if you are using a public or shared computer or device.

  1. On the CCH iFirm Multi-Factor Authentication page, once you selected E-mail to and clicked Proceed, an e-mail containing an authentication code will be sent to you.
  2. In the Authentication code box of the CCH iFirm Multi-Factor Authentication page, enter the code you received.
  3. Optional: To avoid having to register again for the next 90 days when using this device or browser, select the Remember me check box, then enter a name for the device and/or browser you are using.

The Remember me feature should not be selected if you are using a public or shared computer or device.

  1. Click Submit.

 
  1. On the CCH iFirm Multi-Factor Authentication page, once you selected Text message to and clicked Proceed, an authentication code will be sent in a text message to the registered mobile number in your CCH iFirm user account.
  2. In the Authentication code box of the CCH iFirm Multi-Factor Authentication page, enter the code you received.
  3. Optional: To avoid having to register again for the next 90 days when using this device or browser, select the Remember me check box, then enter a name for the device and/or browser you are using.

The Remember me feature should not be selected if you are using a public or shared computer or device.

  1. Click Submit.

The Remember Me feature is suitable if you often use the same device and/or browser to access your CCH iFirm site. It enables the system to remember (for 90 days) the particular device and/or browser you are using, so you do not have to go through the authentication process every time you log in to your CCH iFirm site. The next time you log in to CCH iFirm using that device and/or browser, you will bypass the Multi-Factor Authentication page and therefore, not have to enter an authentication code.

For security reasons, this feature works for 90 days for each device and/or browser you add. When the 90 days is up, you will need to go through the authentication process once again.

To manage the devices and browsers you have asked the system to remember, go to your CCH iFirm user account > Multi-Factor Authentication tab.

  1. Access your CCH iFirm user account.
  2. Click the Multi-Factor Authentication tab to: 
  3. View your authentication information:
  4. The email address that will be used if you select the email authentication option. This is for reference purposes only. If you need to change the address, you can do it on the Details tab.
  5. The mobile number that will be used if you select the Text message to authentication option. This is for reference purposes only. If you need to change the mobile number, you can do it on the Profile tab.
  6. In regards to the Google Authenticator option:
  7. click the Setup button and follow the steps to add Google as an authentication option.
  8. if you did use this option but you changed your mobile phone or removed its link to CCH iFirm, you can click the Reset button to generate a new QR code.
  9. View the list of the devices and browsers that you added via the Remember me feature.
  10. Optional: To remove (unregister) one or more devices:
  11. Select the check box of the device(s).
  12. Click the Revoke button.
  13. Click Yes to confirm.

The Administrator (Admin) has the option to opt-out of the 2-Step Verification in the Firm Settings.

We highly recommend that you keep this new process enabled in order to provide additional assurance that all users are who they claim to be.

 

As an alternative to disabling 2-step verification, after entering the initial code, you can select “Remember me” to have your computer and browser remember the code for 90 days. This way, the code doesn't have to be entered upon every login. After the 90-day time period, a new code will be sent via e-mail and will need to be entered at login again.

  1. Log into CCH iFirm using the Admin login.
  2. Click Firm SettingsMulti-Factor Authentication Settings.

  1. Clear the check box for Enable Multi-Factor Authentication for my site to opt-out of the 2-Step Verification.

We have improved our multi-factor authentication (MFA) process for firm users who need to reset their lost password by clicking the Forgot your password link.

During the recovery process, when prompted for MFA, users will not be able to use the MFA E-mail to option. They will need to use the Google Authenticator or Text Message to options. We recommend that users proactively configure one of these two options if not already done.

Firm administrators who have the MFA Generate One-Time MFA Code security role, will be able to generate a one-time access code, which will be valid for 10 minutes, for users who are not able to complete the MFA process using the Google Authenticator or the Text Message to option.

To create a one-time MFA access code, open the Edit User page by clicking Security > User Manager and selecting the user. Then, click Create a one-time MFA access code to get the code, which will be valid for 10 minutes.