Multi-Factor Authentication for QwikClient
With new regulations and rules set forth by the FTC around the protection of consumer data, it is necessary for changes to be made to software applications across the country. The FTC has created the Safeguards Rule that requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure.
Part of the Rule requires that anyone accessing consumer data do so through secure means such as Multi-Factor Authentication (MFA). DAKCS does not take this requirement lightly. To help comply, multi-factor authentication has been implemented in the QwikClient product application.
To get notifications of when the new multi-factor authentication feature is available in QwikClient and future product updates, subscribe to the QwikClient Release Notes page located here. You can also find a downloadable and shareable version of this article here.
Changes will be made during a maintenance window on Tuesday, June 20, 2023 at 9 PM MT. Email Julie Newson at julie@dakcs.com to schedule an update for the latest Beyond Build.
QwikClient Website
This is a big change in the technology industry and will most likely be a common practice for most software applications. However, you keep control over whether multi-factor authentication is enforced in QwikClient.
You will be able to require certain clients to have it enabled and others not. It will be your decision when clients are pushed into using multi-factor authentication. If you choose not to force the MFA requirement on a client, each user will be able to opt in and enable multi-factor authentication by logging into QwikClient and accessing it through the Profile Settings page.
If you force multi-factor authentication at the individual client level, here are a few things you will need to know.
- Notify your client(s) what they need to do and why it is being implemented.
- Let your client(s) know how to acquire or download an authenticator app. The app must support time-based one-time passwords, also known as TOTP.
- Going forward, this will likely require EACH USER to have their own specific login for QwikClient. There is still a possibility that users could have a shared login at the client’s office, but it would require them to sync their authenticator apps across all devices used by the users.
When a user first logs in after you have enabled the force multi-factor authentication option, they will be presented with a QR code and a security key to enter into the TOTP authenticator app to gain access to the site.
Once the user has successfully entered the authorization code from the app, they will be presented with their recovery codes. It is recommended that the user write these down or copy and store them in a safe, secure place.
Additional options added to QwikClient Main Menu
- Change Password Tile on the main landing page has changed to Profile Settings.
- A new Profile Settings page has options that let users maintain their multi-factor authentication settings and their password.
- The permissions for Change Password have been removed, and the option will always show for all users. This is due to the security of shared passwords and the use of multi-factor authentication.
- The View Multi-Factor Authentication option will be shown once a user has this set up. This can be used to set up multiple devices and authenticator apps by using either the QR code or security code.
- The View Recovery Codes option allows the user to see the recovery codes that can be used to sign in. These codes can be used in the event a user does not have access to their authenticator app.
- The Reset Multi-Factor Authentication option allows the user to reset their multi-factor authentication setup so that their authenticator app is set up again with a new security code and a new set of recovery codes. This will behave like the initial setup of multi-factor authentication.
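The same security key produces the same code at the same moment on every device, which is why a shared login needs the key on each device and why a reset cuts off devices still holding the old key. The sketch below is an added example, not DAKCS code: it assumes the RFC 6238 defaults (HMAC-SHA-1, 30-second step, 6 digits) and a one-step drift window, none of which the article states for QwikClient, and the keys and timestamp are constructed sample values.

```python
import base64
import hashlib
import hmac
import struct

def totp(key_b32: str, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code for Unix time `at` (HMAC-SHA-1, an assumed default)."""
    # Apps show the security key in spaced groups, usually without padding.
    cleaned = key_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    mac = hmac.new(key, struct.pack(">Q", at // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(key_b32: str, code: str, at: int, window: int = 1, step: int = 30) -> bool:
    """Accept the current step plus `window` steps either side for clock drift."""
    ok = False
    for drift in range(-window, window + 1):
        t = at + drift * step
        if t < 0:
            continue
        # Constant-time comparison; check every candidate rather than exit early.
        ok |= hmac.compare_digest(totp(key_b32, t, step).encode(), code.encode())
    return ok

# Constructed sample values, not taken from QwikClient.
ENROLLED_KEY = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"  # RFC 6238 test key
RESET_KEY = "JBSW Y3DP EHPK 3PXP"  # hypothetical key issued by a reset
NOW = 1111111109

def demo() -> dict:
    phone = totp(ENROLLED_KEY, NOW)   # first device enrolled from the QR code
    tablet = totp(ENROLLED_KEY, NOW)  # second device given the same security key
    return {
        "devices_agree": phone == tablet,
        "accepted_before_reset": verify(ENROLLED_KEY, phone, NOW + 30),
        "accepted_after_reset": verify(RESET_KEY, phone, NOW),
    }

if __name__ == "__main__":
    print(demo())
```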
QwikClient Utility
Along with the user website changes, there have been a few changes made to the QwikClient Utility. You can set preferred clients to force the use of multi-factor authentication. You can see which clients have forced multi-factor authentication on or off and which users have multi-factor authentication enabled or disabled, and you can reset an individual user's multi-factor authentication.
For you to force multi-factor authentication on a specific client entirely, navigate to User Setup, select the client, click on Security Settings, and check the box for “Force multi-factor authentication.”
To view clients who have multi-factor authentication forced on, there is a “Force MFA” field on the Remote Client information in the upper part of the User Setup screen.
To view which individual users have multi-factor authentication enabled or disabled, click on the username under each client, and it will show whether multi-factor authentication is enabled or disabled.
You can also reset the user's multi-factor authentication from this same screen once it has been enabled. This will most likely be used in the event a user no longer has access to their authenticator app or recovery codes.