Multi-Factor Authentication (MFA) is now live in MerusCase allowing firms to proactively strengthen firm’s cyber security. MFA is an authentication method that requires users to provide two or more verification factors to gain access to MerusCase. This additional layer of security ensures all of your confidential case and client information is kept secured and protected from third parties while reducing the possibility of a breach.
Administrators in MerusCase can now choose to enable MFA for all users in their firm, or only select users. Once MFA is enabled for a user, they will be immediately logged out and required to set up MFA for their individual accounts. Let’s explore how it works.
Benefits of Multi-Factor Authentication
According to the ABA Rule 1.6: Confidentiality of Information, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” Using MFA can mitigate data breaches and keep your firm out of trouble.
Many law firms focus on improving the security of their users by implementing MFA as a standard method for authentication. This is mainly because MFA ensures that even if one of the factors has been compromised or leaked, the other factor keeps hackers from breaking into your account and accessing confidential information, thereby minimizing the risk of data theft.
Some of the benefits of using MFA include:
- Providing an additional layer of security to ensure information is kept protected and secured
- Minimizing the risk of data and identity theft from third-parties
- Reducing law firm’s operational and security cost
Two Methods of Logging in with MFA
Users may choose to authenticate their log in credentials through SMS or email as their second factor. Users will be required to authenticate using their second factor every 30 days unless they log in from a different device or location within the 30-day window. Users who happen to lose their access to their second factor will be required to contact an Administrator of the account to reset their MFA.
Enabling MFA for your firm
Only administrators will be granted access to enable MFA for the firm or specific users. Keep in mind, all users for which MFA is enabled will be immediately logged out, so it’s best to enable it during off-peak hours. Once you’re ready to enable MFA in MerusCase, here are the steps to get started:
- Go to “Tools and Settings” > “Security Settings”
- Click “Enable Multi-Factor Authentication”
- Click “Yes, I am sure” when prompted with a warning reminder that all users will automatically be logged out of the application once MFA is enabled.
Setting up MFA (As a user)
After entering the username and password, users will see a screen that allows them to select email or SMS text as their second factor.
Once the user chooses their desired second-factor preference, they will need to click “Send Code”, which will direct them to the Verification page. The user will then receive a 9-digit verification code either via SMS text or email.
Note: By checking “Remember this device”, it will allow the user to bypass the verification process for 30 days. If a user fails to enter their verification code within 10 minutes or fails to enter the correct code four times, they will be sent a message and directed back to the login screen for the next steps.
Once the user has successfully verified their login credentials with the code, they will be logged into MerusCase.
Protect Your Clients and Your Information with MFA
The extra barrier of security with MFA allows administrators and users on MerusCase to protect confidential information while reducing the risk of cyber attacks. If you're interested in learning more about MerusCase’s MFA, please contact our Support Team at firstname.lastname@example.org. If you’re ready to start authenticating your account, simply log in and follow the instructions above.