Your login security is extremely important to us. That said, we offer a number of features in this area:
- Single sign-on via corporate email
- Two-step verification
- Email alerts on unusual login activity
- Enhanced management and personalization controls
Single sign-in via corporate email
In addition to setting up a dedicated password on Fareclock to login, there are also options to login via Apple, Google, and Microsoft. Both Microsoft Azure Active Directory and Google Workspaces are supported.
You can also enforce which login method and/or email domain is used by all administrators for your organization in the Console under Settings -> Users -> Defaults -> Administrator role settings. See the relevant Authentication providers and Authentication domain settings. If you configure these settings, then administrators will not be able to access your organization unless they meet these policy requirements.
You also have the option to enable two-step verification via a time-based one-time password (TOTP) generated via an Authenticator app installed on your mobile device (also known as "MFA" or "2FA"). To set that up, click on your avatar in the upper right of the console and choose Manage Profile, or go directly to https://login.fareclock.com/manage.
Then click on the Off button next to "Two-step verification".
Click on the Off/On toggle to turn it on.
You'll need to install an Authenticator app on your phone, such as Google Authenticator or any similar app that supports TOTP codes. Here are handy links for Google Authenticator:
- Apple - https://apps.apple.com/us/app/google-authenticator/id388497605
- Android - https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
In the authenticator app, scan the bar code displayed on the login screen to pair it with Fareclock. You'll then be displayed a 6-digit code that will change every 30 seconds. To complete the pairing process, enter the code you see on the screen onto the Fareclock login page, and click Activate.
Once activated, you'll be able to view and print special one-time backup codes that can be used in case you lose your phone. Make sure to keep these backup codes in a safe place!
The Fareclock timeclock mobile app starting in version 3.1 has a special prompt for two-step verification when required. For older versions of the app, just enter in the 6-digit code to the end of your regular password.
You can also choose which login methods should require two-step verification. For example, if you sometimes sign-in with a Fareclock password and sometimes with Microsoft single sign-in, you may already have separate two-step verification setup with Microsoft, and maybe only want to require the Fareclock-specific two-step verification when signing in using your Fareclock password.
You can also configure policy requirements for using two-step verification by all administrators who access your organization. To set that up, go in the Console to Settings -> Users -> Defaults -> Administrator role settings, and next to the "Two-step verification providers" field choose which sign-in methods should require it. See the screenshot above for what that setting looks like.
Email alerts on unusual login activity
You'll receive email alerts on the following unusual logic activities:
- Sign-in on new device
- Change Password
- Enable/disable two-step verification
- New backup codes generated
- Backup code used to sign-in
- New sign-in method
- Repeated failed attempts to login using your email address
Such an email will contain the IP address where the request came from, its estimated location, and the type of device used.
If you don't want to receive these alerts, then you can click the Unsubscribe link at the bottom of the email.
The alert for a new device may be the most frequent type of alert sent. If you just want to disable that alert, then there is a specific setting for that on the Login site. From the Manage page shown above, click on Sign-In Devices, and click the toggle button for "Receive new sign-in alert emails".
Enhanced management and personalization controls
There are some additional options for managing your login settings.
You can view which Sign-in Methods you have used and disconnect any you don't want to use anymore. From the Login Manage page, click on Sign-in Methods:
You can also view all devices you have signed into in the past 90 days. Just click on Sign-in Devices on the Login Manage page. If you ever want to forcibly sign out of all other devices, just click on the red "Sign out & forget all other devices" button.
You can change your password any time by click on Change Password from the Login Manage page. If you ever forget your password, there is Forgot Password link on the initial login page. It will email you a secure link to create a new password.
Finally, if you want to change your name or avatar, just click on your name or initial avatar on the Login Manage page.