Two-Factor Authentication

Two-Factor Authentication (2FA) adds an extra layer of security to your company account by requiring not only the user's password but also a second form of verification. This means that even if someone gets hold of a password from any of your team members, they won’t be able to access your data.

How to enable it?

• For admins (company policy):
  • Admins can go to their company settings page and select the "enforce" option, which will require all users to setup 2FA
  • While by default it is optional for users to add 2FA, we strongly recommend to enforce it

• For users:
  • When enforced, every user is asked to setup their 2FA before being able to continue to use HRCast
  • Every invited user is asked for 2FA during signup (if enforced, it cannot be skipped)
  • Users can also enable it under their profile page
  • We support all common apps like Google Authenticator

Further enhanced security policies

• Increase password strength: Minimum length of 10 characters, at least one of all the following (lowercase letter, uppercase letter, number, special character), not a trivial / common password
• Account locking: Accounts will be locked after 5 unsuccessful login attempts. This will send an email to the user's email which allows unlocking again