Note: This feature is not available in Singapore.
We at Timely take high priority in creating a secure platform to protect your business information and data. In addition to your business email and password, the set up for two-factor authentication or ‘2FA’ creates an extra security layer that helps protect your Timely account. This guide will cover:
- How it works to protect your account
- Enabling 2FA
- 2FA summary page
- Staff setup
- 2FA log in via iOS
- Resetting 2FA
- Recovery codes
We recommend installing the latest version of the Timely iOS app (2.10.4 or greater) on your iOS device/s before setting up 2FA login for your business.
How it works to protect your account
Note: If your business have opted-in to set up 2FA access to your Timely account, this will make it mandatory for your staff member/s with email access (The 2FA setup does not apply to staff member/s who has ‘Only pin access’) to set up 2FA on their trusted device within the 2 weeks grace period.
During the 2FA set up process, you will be asked to verify your identity via a secure 6-digit code that we will send to your nominated mobile number. You will also be required to provide a recovery email, in case you have issues logging into your Timely account, this will allow our customer support team to validate your identity before providing you with a recovery code.
All staff member/s with email access will be asked to complete their 2FA set up in the next login. They will have a 2 weeks grace period to comply. Everyone with 2FA setup will be asked to verify their identity every 30 days unless a full logout happens, then 2FA verification of identity will be needed. Staff member/s will also need to verify their identity every time they log in on a new device, change their password or have their 2FA Reset.
Enabling 2FA
Setting up 2FA for the business (Only available in the Timely Web App - Desktop)
- Go to Account in the navigation then click 'Staff access'.
- Click ‘Manage’ in the two-factor authentication section.
- Click ‘Setup now’ to begin setting up 2FA for your business.
Enter and verify your trusted mobile number
- Enter the mobile number you want to be associated with your 2FA setup. You will receive verification codes on this phone when you log in to Timely.
- When you have entered your mobile number, we will automatically send a secure 6-digit code.
- Enter the secure 6-digit code to verify your mobile number.
Add in your recovery email
- Add in a recovery email which Timely's customer support team may use to send recovery codes to, or additionally as another way to verify your identity.
- Click 'continue'.
For security reasons, you'll need to use a different email address than one linked to your Timely account. You also cannot use a Staff’s email address. You will also need to have access to this email at all times.
View recovery codes
- Recovery codes help a business owner get into their Timely account if they misplace their phone or change their mobile number and are unable to receive the 2FA code to log in.
- Each code can only be used once. Store these codes somewhere safe. The business owner will be able to view these again on the 2FA page.
- Click 'continue'.
A few ways to save the codes are; screenshot or copy and paste into a document you can securely access when needed. - Once setup has finished you will see a confirmation screen saying your two-factor authentication has been successfully set up and verified.
- Click 'finish'.
2FA summary page
Once you have successfully set up and enabled 2FA, you will gain access to the full set up page. On this page, you will be able to view the current 2FA status, security methods and a summary of staff’s verification statuses.
- About the grace period
Staff member/s will have a 2 weeks grace period to complete their 2FA setup when they log into Timely. If 2FA setup is not completed within this timeframe, in the next login session the staff member/s will be required to set up their 2FA before they can gain access to the Timely account.
- Changing your trusted 2FA mobile number
To change a 2FA mobile number staff with admin access will need to reset 2FA on the Staff access page. We will log the user out when their 2FA has been reset. Please log back in and reset as possible as your account will not be secure. You cannot edit this number anywhere else in Timely.
- Changing 2FA recovery email
If the existing recovery email is no longer valid for your business, you can edit and replace the existing nominated recovery email with a new email (please ensure the newly nominated email is not associated with your Timely account).
- Recovery codes
You can view your recovery codes again via the view codes button. This will give you a summary of what codes you have left to use and it will also show you what codes have already been used. When you have used all your allocated code we will automatically generate a new set of codes for you to use, so you will never run out. You can also click 'get new codes' to generate a new set.
- Disabling 2FA
Should you decide to turn off 2FA simply click manage
Then click the ON button to OFF and click save
If the business owner chooses to disable 2FA for the business, we will store all data in case they choose to enable 2FA again. Unverified staff members will get 2 weeks grace period to verify their 2FA.
Staff setup
- Staff member/s will need to set up their 2FA when they first log in to Timely. Once the business have enabled 2FA on the Timely Account, staff member/s will have a two weeks grace period to complete their 2FA setup.
Staff set up via Timely Web App (Desktop)
- Log in with your email and password to prompt authentication.
- Add in your trusted mobile number if it has not been pre-populated.
- We will automatically send a secure 6-digit code to the trusted number.
If you have added in your number wrong you can click ‘wrong number’ to change it. - Enter the secure 6-digit code and verify.
If the code did not arrive on your phone, you can click ‘send new code’ to try again. Each code is only valid for 10 minutes. - 2FA has now been verified and set up.
- Continue to Timely.
Each time you log in after initial setup, we will send you a new secure 6-digit code to your mobile number to verify your identity.
Note: If pin switching is enabled, staff member/s will be able to pin switch once the user (with email access) has logged in with 2FA.
2FA log in via iOS
- The 2FA login feature is only supported on the Timely iOS App version 2.10.4 (or greater)
- Log in with your email and password to prompt authentication.
- Add in your trusted mobile number if it has not been pre-populated.
- The mobile number has been pre-populated
- We will automatically send a secure 6-digit code to the trusted number.
- Enter the secure 6-digit code and verify.
- 2FA has now been verified and set up.
- Continue to Timely.
Resetting 2FA
There are a few reasons why you might want to reset 2FA, such as losing your device, making a change to your mobile number or you are unable to access your 2FA security method.
2FA Reset is also required when a Staff has been locked out due to too many invalid code entries.
To reset business owners 2FA:
- Go to staff access.
- Click on 'Reset 2FA' in staff details.
- A modal will appear asking you to confirm.
- Click 'Reset'.
- A reset status tag will appear on the staff details. This will update when 2FA has been successfully reset.
- You will be requested to sign-in again and enter in your trusted mobile number, which you will later receive a 6 digit code via SMS to verify
To reset staff's 2FA:
- Go to staff access.
- Click on 'Edit access' in staff details.
- Click 'Reset 2FA'.
- A modal will appear asking you to confirm.
- Click 'Reset'
- A reset status tag will appear on the staff details. This will update when 2FA has been successfully reset.
When 2FA is reset, the user will be logged out of all sessions in Timely. Please do this as soon as possible as your account will not be secure.
Recovery Codes
Recovery codes help business owners get into their Timely account if they lose access to their 2FA credentials or can't sign in for another reason. Using one of the recovery codes will automatically regain business owners entry to Timely. Using a recovery code will not verify your identity. If the account is in a locked state, business owners will need to reset their 2FA once they have successfully logged in.
Using recovery codes:
- Add your email and password to prompt authentication.
- If you are struggling to input your secure 6-digit code you will be presented with an option to ‘Enter recovery code’.
- Click ‘Enter recovery code’ to open the recovery code input screen.
- Add in the 16 character recovery code.
- Click verify to gain entry to Timely.
Each recovery code can be used only once, you might want to mark the codes as used where you have saved them elsewhere. To get a new set of codes please click 'view codes' on the 2FA setup page.