What is 2-Step Authentication

Why use 2-Step Authentication

Cybercriminals use phishing emails and other scams to try and get users’ login credentials and gain access to sensitive data across the web.

Two-step authentication (2-SA) is an optional safety measure that provides an extra level of security; It is an additional step you can take to keep your PVC account safe. Protecting yourself with 2SA makes it much harder for someone else to impersonate you and gain access to your Xero account.

2-SA Functionality Explained

After entering your unique ID, username, and password, you generate a code using an app on your phone, tablet, or computer. You enter the code in PVC to access your account.

  • The app generates a new code every 30 seconds, so the code is different each time you log in.
  • No one else can log into your account. You are the only one who knows your email and password AND has access to your authentication device.
  • If you access different organizations using different logins, you can set up separate 2-SA accounts for each login with the same app.
  • If you use the same computer and browser each time you log into PVC, you can choose to enter the code once every 30 days instead of every time you log in.

Which Authentication App to Use

If you already use an authenticator app, you can add multiple PVC accounts to it.

If you don’t have one already, there are some here are our recommendations:

  • Google Authenticator(Google Accounts Help Center) for Android devices, iPhone, iPod Touch, iPad, and BlackBerry devices
  • Authy(Authy website) for iPhone, iPad, Android, Mac computers and Windows computers
  • Windows Authenticator(Microsoft Store) for Windows Phones

Alternatively, you can search for ‘authenticator’ in your device’s app store. The apps are free, and there are a few options you can choose from.

To improve security, we recommend downloading the app to a different device than the one you use to access PVC.

How it Works

Although you use a third-party app to generate the codes, there’s no transfer of data between them.

  • The app automatically generates new codes. It doesn’t need a network connection or mobile signal to do this.
  • When you enter the code from your app, it matches PVC’s generated code. This ensures that it’s you logging in. Both codes are generated using the same secret key that’s unique to you. No two PVC organizations generate the same code.
  • When you set up 2-SA, enter the key into your app by scanning a barcode or entering it manually. If you need to re-generate a code, you need to disable 2SA, then set it up again.

The codes are time-based, so make sure the time on your authenticator device is in sync with PVC. Let your network provider set the time automatically on your device to prevent getting an out-of-sync or invalid code error.

Options for Recovery

If you don’t have access to your authentication device, you can use the security question login option. You will have to provide an answer to one of the security questions you set up when installing the authenticator app.