Implementation of two-factor authentication (2FA) for Rosemark office staff users will increase security and reduce the risk of brute-force password attacks. 2FA is also becoming an expected security standard. The initial implementation will use email as the authentication method.

Process:

1. If the staff user does not have an email address on their profile in Rosemark, they will be prompted to enter one at the first successful login. (After resetting their temp password if they were just added to the system)

2. They will then be asked to verify the email address by entering a code sent to that address.

3. Once they have successfully verified the email address, they will receive the following confirmation. 2FA is now ready to be used at subsequent logins.

4. Users will be prompted for a 2FA email code at every login. Selecting the "Remember Me” box will bypass this requirement on trusted devices for 14 days.

As it appears on the desktop app:

As it appears on the web portal: