2-step verification

To enable 2-step verification:

1. Go to Settings > Users & Permissions > Users and select the user.
2. Navigate to Account > 2-Step Verification.
3. Enable 2-step verification > Add a mobile number.
4. Enter the verification code sent to the provided mobile number.

Once verified, the account will be secured, and future login verification codes will be sent to the registered mobile number.

After 2-step verification is enabled, users must enter a verification code sent to their phone number each time they log into the Dashboard.

To update the phone number attached to 2-step verification:

1. Go to Settings > Users & Permissions > Users and select the user.
2. Navigate to Account > 2-Step Verification.
3. Click Reset.
4. Enter the verification code sent to the new phone number.
5. Once verified, the new number will replace the previously-listed number in your 2-step verification process.

A recovery phone number helps verify a user if their registered 2-step verification phone number is unavailable.

To add or update your recovery phone number:

1. Navigate to Settings > Users & Permissions > 2-Step Verification.
2. Add a company recovery phone number.

If you are having trouble with 2-step verification, follow the instructions below based on the issue you are encountering.

I didn’t receive a code

1. Check that you’re using the same phone number registered for 2SV.
2. Confirm that you are able to receive SMS messages on the listed phone number.
3. If you have an Android device, check that the verification message wasn’t misdirected to the SMS spam folder.
4. Confirm that your device is connected to Wi-Fi or cellular data and not experiencing network issues.
5. Try again by requesting a new code:
   • If you’ve received the code: Great! You’re all set.
   • If you have not received the code: Contact our Support team.

I’m receiving the wrong code

Enter the code immediately upon receiving it. If it still doesn’t work after trying again, contact our Support team.

I received a code I didn’t request

Are you sharing an account with another user?

• Yes: For the best security and user management, we advise setting up separate accounts for each team member.
• No: Your account may have been compromised, please update your account password.

Is 2-step verification mandatory?

Yes, starting on the date specified in the email you received, 2-step verification will be required for all logins. This extra layer of security helps prevent unauthorized access and protects your business data.

What are the potential risks of not using 2-step verification?

Without 2-step verification (2SV), your account relies solely on a password for protection. In today’s environment, where cyber threats and phishing attacks are increasingly common, a password alone may not be enough to prevent unauthorized access.

• Unauthorized access: If your login credentials are compromised, a malicious actor could gain full access to your Dashboard, including sensitive customer information, booking data, and financial details.
• Security incidents: Without 2SV, it’s easier for attackers to exploit your account and potentially expose customer data, which can damage your reputation and erode trust.
• Operational disruption: A compromised account could result in cancelled bookings, altered schedules, or fraudulent activity, directly impacting your day-to-day operations and revenue.
• Increased liability: If a breach occurs and security best practices like 2SV aren’t in place, your business could be held liable for resulting damage or data loss.

How does 2-step verification affect logins on the FareHarbor mobile app and FareHarbor Dock?

When 2SV is enabled, users must enter a verification code when logging into the FareHarbor mobile app and FareHarbor Dock.

Note: 2SV settings cannot be updated within the app—any changes must be made via a web browser.

How often will users be required to enter a 2SV code?

Users will be prompted to enter a 2SV code each time they log in. If a user does not manually log out, their session will remain active for 14 days. This applies even if FareHarbor is closed on the device or if the device you are using is restarted.

Can I use a landline as my company recovery phone?

Yes, you may use a landline as your company recovery phone. This number is used for voice calls during account recovery and does not need to receive text messages.

What are the options for users in remote areas or those who travel frequently?

Users stay logged in for 14 days unless they manually log out. Email-based 2SV is available as an SMS alternative. Clients may opt out of 2SV if it significantly impacts operations but must acknowledge the security risks and potential liability.

Is email available as a method for receiving 2SV codes?

As an alternative for users who cannot receive SMS codes, email-based 2SV is available. Please note that setting up 2SV for the first time with a phone number is still required.

Are other 2SV methods like DUO, Authy, Google Authenticator, or similar apps supported?

Currently, we are not supporting authentication apps like DUO. However, email-based 2SV is available as an alternative verification method.

What if multiple users share a single login for the Dashboard?

For the best security and user management, we recommend using separate accounts and phone numbers for each team member. Additionally, with mandatory 2SV, each user needs their own login to securely set up and manage their 2SV settings. More information on adding new users can be found here. If this is not possible, using a shared email (though not advised) is an option. Alternatively, clients can remain logged in to avoid repeated prompts or they may request to opt out, accepting the security risks involved.

Can the same phone number be used for multiple user accounts?

Yes, the same phone number can be used for multiple users, but it’s not recommended due to potential confusion during the login process.

Do the mobile or Dock apps require a 2SV code every time it’s opened?

No, the 2SV code is only required when logging in. If the app uses biometrics like Face ID to unlock, but remains logged in, a new code won’t be needed.

Why am I asked to log in multiple times a day?

If you manually log out or if the system clears your session, you will need to log in again. If this happens unexpectedly without logging out, please reach out to our Support team.

Who can enable 2SV for a user?

Each user must enable 2SV from their own account. 2SV cannot be set up by an admin or another team member on behalf of another user.

Why is 2SV required for view-only users or guides?

All users, regardless of permission level, can potentially access sensitive information. This makes 2SV necessary to help prevent data breaches.

Are USB hardware tokens supported for 2SV?

USB hardware tokens are not currently supported for 2SV, but feedback about hardware-based 2FA is being collected and considered for future development.

Why am I receiving a “Please wait X seconds before requesting another code” message?

This may occur if you repeatedly request new codes too quickly. Ensure that you’re waiting the full time displayed before retrying. If the issue persists despite following the instructions, update the mobile app and contact our Support team.

Can I schedule a consistent logout time (for example: every night at midnight)?

This is not currently possible. Logouts occur based on session expiration (14 days). Users can manually log out at the end of the workday to reset their session timer.

Is there a limit to how many users can set up 2SV?

No, all users of a company should be able to set up and use 2SV on their own accounts without any limitations.

Is there any cost to adopting 2SV?

FareHarbor does not charge for receiving 2SV codes via SMS or email. However, phone carrier message and data rates may apply.