Account Security and Authentication

Last updated: June 20, 2025 | Version: 1.1

Learn how to secure your Shifts platform account with strong authentication methods, including two-factor authentication, trusted devices, and best practices for maintaining account security.

Overview

The Shifts platform provides robust security features to protect your account and ensure that only authorized users can access sensitive scheduling and workforce information. This article explains the authentication options available, how to configure secure access to your account, and best practices for maintaining security.

Authentication Methods

The Shifts platform currently supports the following authentication methods:

Username and Password Authentication

This is the primary authentication method:

  1. Every user has a unique username (typically your email address)
  2. Your password must meet minimum security requirements:
    • At least 8 characters
    • Combination of uppercase and lowercase letters
    • At least one number
    • At least one special character
  3. Passwords are securely hashed and never stored in plain text
  4. Password history rules prevent reuse of recent passwords

Two-Factor Authentication (2FA)

For additional security, you can enable two-factor authentication:

  1. Requires a secondary verification code in addition to your password
  2. Supports industry-standard authentication apps:
    • Google Authenticator
    • Microsoft Authenticator
    • Authy
    • Other TOTP-compatible apps
  3. Provides time-based one-time codes that expire after 30 seconds

Two-factor authentication significantly increases your account security by requiring something you know (password) and something you have (authentication device).

Setting Up Two-Factor Authentication

To enable two-factor authentication:

  1. Navigate to Account Settings in your profile
  2. Select the Security tab
  3. Click Enable Two-Factor Authentication
  4. Follow the setup wizard:
    • Scan the QR code with your authentication app
    • Enter the verification code from your app
    • Save the backup codes provided (store these securely)
  5. Once enabled, you’ll need to provide a code from your authentication app each time you log in

If your organization requires two-factor authentication, you may be prompted to set it up during your first login or by a specific deadline.

Managing Trusted Devices

The Shifts platform can remember devices you commonly use:

Registering a Device

When you log in from a new device:

  1. You’ll be prompted to verify your identity through 2FA (if enabled)
  2. You’ll see an option to “Remember this device”
  3. If selected, this device will be added to your trusted devices list
  4. Future logins from this device may require less frequent verification

Viewing and Managing Devices

To manage your trusted devices:

  1. Navigate to Account Settings in your profile
  2. Select the Devices tab
  3. You’ll see a list of all devices that have accessed your account
  4. For each device, you can:
    • View last login details
    • See device information (browser, operating system)
    • Remove the device from your trusted list

If you no longer use a device or suspect unauthorized access, remove it from your trusted devices immediately.

Account Recovery Options

If you lose access to your account:

Password Reset

  1. Click Forgot Password on the login screen
  2. Enter your username (email address)
  3. A password reset link will be sent to your email
  4. Follow the link to create a new password
  5. If 2FA is enabled, you’ll need your authentication app to complete the process

Two-Factor Recovery

If you lose your authentication device:

  1. Use the backup codes you saved during 2FA setup
  2. Each backup code can be used once for login without your authentication device
  3. After using a backup code, set up a new authentication device immediately
  4. If you’ve lost both your device and backup codes, contact your administrator

IP Restrictions

Your organization may implement IP-based access restrictions:

  1. Access may be limited to specific networks or locations
  2. Attempts to log in from unauthorized networks will be blocked
  3. You may see a message indicating IP restriction if you try to access from an unauthorized location
  4. Contact your administrator if you need access from a new location

Login Monitoring and Security Alerts

The Shifts platform includes security monitoring:

  1. Failed login attempts are tracked and may trigger account lockouts
  2. Suspicious login activity (unusual locations, multiple failures) may generate alerts
  3. Critical account changes generate security notifications
  4. You can view your recent login history in your account settings

Future Authentication Enhancements

The Shifts platform is continually improving security features. Planned enhancements include:

  1. Single Sign-On (SSO) integration with enterprise identity providers
  2. Social login options for easier access (Google, Microsoft)
  3. Enhanced mobile authentication options
  4. Biometric authentication support for mobile apps

These features will be added in future releases. This article will be updated when new authentication methods become available.

Best Practices for Account Security

To maintain the highest level of security:

  1. Use a Strong Password: Create a unique, complex password
  2. Enable Two-Factor Authentication: Adds a crucial second layer of protection
  3. Don’t Share Credentials: Never share your username, password, or 2FA codes
  4. Use Secure Networks: Avoid logging in from public Wi-Fi when possible
  5. Keep Devices Updated: Ensure your devices have the latest security updates
  6. Log Out When Finished: Always log out when using shared computers
  7. Review Activity Regularly: Check your login history for suspicious activity
  8. Update Recovery Information: Keep your contact information current
  9. Recognize Phishing: Be cautious of emails requesting your credentials
  10. Report Suspicious Activity: Alert your administrator to any security concerns

Related Resources

This article should be updated when:

  1. Single Sign-On (SSO) integration is implemented
  2. Social login options become available
  3. Additional authentication methods are added
  4. Password policy or requirements change
  5. Two-factor authentication options are expanded