Overview: What are we talking about?
At Gingr, we're committed to ensuring the security and protection of your data. Your trust in our services is paramount to us, and we continuously strive to provide the utmost security for your business. However, the most common sources of data exposure are often the most innocuous ones, such as weak passwords, user account sharing, and relaxed permissions over who can access and manipulate your data.
In early 2024, Gingr will introduce Multi-Factor Authentication (MFA) to further ensure your data's security.
MFA is an extra layer of security that requires users to provide two or more forms of verification before gaining access to their accounts. This additional step will significantly enhance the security of your accounts, making it even more challenging for unauthorized individuals to breach your data. MFA will be required for all business users and is not an opt-in experience. It applies to business portal staff users only and does not affect pet parents using the customer portal.
This article will continue to be updated with more information as we build out this feature and launch to production in early 2024.
Helpful Hints: Best Practices
We want to take a moment to highlight the significance of securing your business data with best practices around user logins and access control to help you safeguard your digital information inside and outside of Gingr. We firmly believe that a proactive approach to security protects your sensitive information and helps your business's overall success. Here are some key best practices we encourage you to follow:
- Strong Passwords: Your password is the first defense against unauthorized access. Please ensure that your passwords are strong, unique, and regularly updated. Combining uppercase and lowercase letters, numbers, and symbols is highly recommended. Click here to learn how to require secure login credentials in Gingr.
- User Account Sharing: Never share your user account credentials with anyone or leave account credentials in a place where they may be seen or captured by someone else. While sometimes convenient, sharing login information poses a significant security risk. Each team member should have a unique account login to ensure accountability and data security. Click here to learn about setting up and managing user access in Gingr.
- Proper Permission Delegation: Review and manage user permissions diligently. Only grant access to the essential data and features for each team member's role. Restricting access to sensitive information is a vital security measure. Did you know that Gingr recently expanded its permission system to enable you to delegate specific admin functions to non-admins? Click here to learn about the new Admin Permission Delegation features in Gingr.
How To: Multi-Factor Authentication Options
All users in the business portal will be required to complete MFA through either email or an authenticator app upon login. Users will have two options to complete their multi-factor authentication:
- Code sent to their email address
- Code generated by an authenticator app
Each user's first sign-in will use an emailed One-Time Passcode (OTP). Email OTP codes will be valid for 10 minutes.
After completing their first login with email OTP, the user will be prompted to complete authentication app configuration, which includes scanning a QR code in the authentication app of their choice. The use of an authenticator app is optional, and users may continue to use an emailed code for each login.
Am I required to use MFA every time I log in?
To maximize security, users are required to complete MFA upon every login.
If we log in with YubiKey, do we also have to complete MFA through Gingr login?
If using YubiKey, your login workflow will not change. For more information on YubiKey, click here.
If we log in with Google, do we also have to complete MFA through Gingr login?
If using Google Login, you will be required to have MFA set up with your Google account. For more information on setting up MFA in Gmail, click here.
What authenticator apps can be used for MFA?
All major authenticator apps are compatible. This includes, but is not limited to, Authenticator, Google Authenticator, 1Password, and Authy.
Our business is using Microsoft, not Google, for email services. Does Gingr offer login with Microsoft?
At this time, Gingr does not offer the option to log in with Microsoft, but we anticipate offering this feature sometime in 2024.
I'm only offered the option to receive a code via email, but I want to receive a code via an authenticator app instead. How can I edit my preferences for receiving the code?
If a user bypasses the set-up of an authenticator app on their first login, authentication app set-up can be completed at a later time through the Reports & More > Users > Edit User page.
Will my pet parents be required to sign in with MFA?
No, the MFA sign-in requirement only applies to Gingr business portal users.