Account Security and Two-Factor Authentication

Learn about the comprehensive security features in Shifts to protect your account, including two-factor authentication, IP restrictions, device management, and secure password practices.

Understanding Account Security

The Shifts platform implements multiple layers of protection to ensure your account remains secure and your data is protected:

1. Strong password requirements with complexity enforcement
2. Two-factor authentication (2FA) for additional verification
3. Session timeout controls to prevent unauthorized access
4. IP-based access restrictions for location-specific security
5. Device recognition to identify and authorize known devices
6. Activity monitoring to detect suspicious login attempts
7. Automatic account lockout after multiple failed login attempts

Two-Factor Authentication (2FA)

What is Two-Factor Authentication?

Two-factor authentication adds an essential second layer of security by requiring a verification code from a device you own (something you have) in addition to your password (something you know). This helps protect your account even if your password is compromised.

Available 2FA Methods

Shifts supports the following 2FA methods:

• Authenticator App (Recommended): Use apps like Google Authenticator, Microsoft Authenticator, or Authy to generate time-based verification codes
• Backup Codes: Generate and store emergency access codes for when your primary 2FA method is unavailable

For detailed setup instructions, see our Setting Up Two-Factor Authentication guide.

Device Management

Shifts enables you to manage which devices can access your account:

1. Go to your Profile Settings → Security → Devices
2. View all devices currently logged into your account
3. See device details including last login time and location
4. Remove access for any unrecognized or old devices

IP Address Restrictions

Depending on your organization’s security settings, your account may be limited to specific locations or networks:

• Access may be restricted to your workplace network
• Login attempts from unusual locations might trigger additional verification
• Some security-sensitive functions may only be available from approved networks

If you receive an IP restriction message, contact your system administrator.

Password Best Practices

Follow these guidelines to create and maintain a secure password:

• Use a unique password for your Shifts account
• Create passwords with at least 12 characters
• Include a mix of uppercase, lowercase, numbers, and symbols
• Avoid personal information, dictionary words, or common patterns
• Change your password at least every 90 days
• Never share your password with anyone, including colleagues
• Consider using a password manager to generate and store complex passwords

Security Alerts

Shifts monitors your account for potential security issues and will send alerts when:

• Your account is accessed from a new device or unusual location
• Multiple failed login attempts are detected
• Your password is reset or changed
• Security settings like 2FA are modified
• Your account permissions are altered

Review these alerts promptly and report any suspicious activity to your administrator.

Related Resources

• Setting Up Two-Factor Authentication
• Account Creation and Login
• Password Reset
• Business Security Settings

This article should be updated when:

1. New security features are added
2. 2FA methods change or new options are added
3. Password requirements are updated
4. Security monitoring or alert systems are modified
5. Device management functionality changes