Stream now has the ability for you to set up Multi-Factor Authentication (MFA), to help you improve the security of your Stream account and the data contained within it.
In this article, we’ll detail:
- What is Multi-Factor Authentication (MFA)?
- How to Enable MFA for your Stream account
- Logging into Stream with MFA enabled
- Multi-Factor Authentication FAQs
What is Multi-Factor Authentication (MFA)?
Multi-Factor Authentication (MFA) is a powerful security feature that is implemented in Stream to enhance user account security.
By adding an extra layer of protection, beyond the traditional username and password combination, MFA prevents unauthorised access to accounts and ensures the privacy of customer information.
Please Note:
When a subscribing company enables MFA, it will be their responsibility to support their users.
With MFA enabled, all users are required to provide multiple forms of identification during the sign-in process on an intermittent basis, which can be set using the ‘Refresh Interval Days’ field, as outlined in Step 3 below.
This makes it significantly harder for attackers and unwanted personnel to compromise accounts.
How to Enable MFA for your Stream Account
To enable MFA for your company’s Stream account, perform the following steps:
Step 1: Go to Your Company Settings
From the main menu in the top right corner of Stream, click ‘Settings’.
On the General tab, scroll down to the ‘Company Settings’ section.
If you aren’t able to access the ‘Settings’ screen on your account, please contact Stream Support.
Step 2: Enable MFA
Within the Company Settings section on the General tab, click the checkbox to enable Multi-Factor Authentication (Desktop).
When you check the box to enable MFA, you will be presented with the message shown in the screenshot below, advising you that once you enable MFA, it will be turned on for all users within your Stream account, including your Business Partner users.
Please Note:
MFA Is currently only available for the Stream desktop users, we will be adding MFA for the drivers app as a separate option in the near future.
Step 3: Setting the MFA Refresh Interval
Once you have enabled MFA for your Stream account, the ‘Refresh Interval Days’ field will become usable.
In this field, enter the number of days that you would like to pass each time, before users are again required to sign into Stream using the MFA method.
During this period, users will only need to login using their User ID and Password as normal, unless they are trying to log in using a different device or browser.
Once you’re happy with your MFA settings, click ‘Save’ at the bottom of the settings screen.
IMPORTANT:
Once you click ‘Save’, the checkboxes will become disabled and you won’t be able to turn Multi-Factor Authentication off.
Logging into Stream with MFA enabled
Multi Factor Authentication (MFA) is a recommended security protocol available in Stream and is a common method to authenticate users accessing cloud solutions.
Once it is enabled in Stream, the first time a user logs in to Stream, they will be given a choice of which authentication method they wish to use.
The MFA methods available in Stream are:
To select an MFA method, click on the ‘Method’ dropdown menu and select either ‘Email’ or ‘Authenticator App’.
Which option you select will determine what the next steps are.
Stream will remember the option you choose and will automatically select it as the default option the next time you are required to log in using MFA, however, it is possible to change your authentication method at this point.
Method 1: MFA using Email
If you have selected the ‘Email’ MFA method, you will see a ‘Request Code’ button appear.
Click ‘Request Code’.
An email will be sent to the email address associated with your Stream user profile containing a unique code.
Copy the code from the email and paste it into the code field in Stream, then click ‘Submit’.
If the code is successfully authenticated, you will be logged into Stream.
If the code is entered incorrectly, you will be asked to enter a valid code.
After you have successfully authenticated your account, you will be able to login using just your User ID and Password as normal, until the next time the MFA sign in method is required.
Method 2: MFA using Authenticator App
To use this method for MFA, you will need to have an Authenticator app pre-installed on your handheld device.
We recommend the following Authenticator Apps to be used for MFA with Stream:
- Google Authenticator – Guide | Android | iOS
- Microsoft Authenticator – Guide | Android | iOS
- Authy (By Twilio) – Guide | Android | iOS
After selecting ‘Authenticator App’ as your Authentication method in Stream, you will see a QR code displayed on-screen.
Open your Authenticator app and choose the option to ‘Scan a QR code’.
Scan the QR code that is being displayed in Stream.
This will create a ‘unique access Token’ within your Authenticator app, which will provide you with a unique code that will refresh and change after a duration specific to the app that you’ve chosen.
Enter the unique code from your Authenticator app into the ‘Code’ field in Stream and click ‘Submit’.
If the code is successfully authenticated, you will be logged into Stream.
If the code is entered incorrectly, or has timed out in your authenticator app before you submit it in Stream, you will be asked to enter a valid code.
After you have successfully authenticated your account, you will be able to login using just your User ID and Password as normal, until the next time the MFA sign in method is required.
When using ‘Authenticator app’ as your preferred method, you won’t have to scan the QR code each time MFA is required. You can simply open your Authenticator app and then enter the unique code into Stream before it times out.
Multi-Factor Authentication FAQs
Is Multi-Factor Authentication required for each login attempt, and how long is the refresh interval once successfully authenticated?
No, MFA is not required for every login attempt on the same device. By default the refresh interval for MFA is 14 days but you can change this from the ‘Company Settings’ section on the ‘General’ tab of the ‘Settings’ screen.
Can a user login on multiple devices?
Yes, but the user will be prompted to authenticate on each new device or browser identified. Stream keeps a record of each device along with a timestamp of the last MFA request on said device in order to determine the refresh interval for each device.
Can I opt out of Multi-Factor Authentication if my company has enabled it?
No, once MFA is enabled every user MUST have either an email address tied to their account, or have access to an authenticator app. If a user has access to neither of these options, then one must be set up for the user to be able to login.
Can Multi-Factor Authentication be disabled?
Once enabled, MFA cannot be disabled for security reasons.
For which Stream services can Multi-Factor Authentication be enabled?
Multi-Factor Authentication can be enabled for the desktop/web versions of both Stream Go and Stream Check.
Does this feature affect the driver’s app?
Due to the limited data available to drivers and the minimal risks for users of the mobile app, we have not implemented Multi-Factor Authentication within the app at this time. It is expected to be developed in the near future.
Can I use more than one authentication method?
Yes, the user can specify which method they would like to authenticate with at the time of login, when prompted once the refresh interval has passed.
If Multi-Factor Authentication is enabled, does it affect business partner users?
Yes, MFA is enabled at a company-wide level. All users, including business partner users, will then be required to set up MFA once enabled. We recommend informing all your users and partners before making this change.
Which Authenticator Apps are recommended for use with Stream?
While any authentication app can work, we recommend either Google Authenticator, Microsoft Authenticator, or Authy. All of these are free to use, are available on multiple platforms, and provide methods to back up authentication keys.