In line with best practices, on January 9th Clio is removing the ability to access two-factor authentication codes via email. Using two-factor authentication via email does provide a level of security, but if a malicious actor were to gain access to your email, they would be able to reset your Clio password as well as access the two-factor email verification code, thus gaining access to your Clio account.
If you are currently using two-factor email verification for security, we recommend switching to Google two-factor authentication. Google two-factor authentication sends the code to your personal smart device (phone, tablet, etc.) so that, even if your email is compromised, your Clio account is safe.
What do I need to do to switch to Google two-factor authentication?
Go into the "Security" section of the Clio settings page and select to enable Google two-factor authentication. The complete steps are found on our "Two-Factor Authentication with Google Authenticator" article.
This will need to be completed for each user who uses two-factor to log in to your account.
What if I lose my smart device?
Two-factor authentication is designed to prevent access to an account if you don't have access to your chosen device. However, there are a number of things you can do to ensure you have emergency access. We suggest generating two-factor backup codes and storing them in a safe place.
What if I don't have a smart device?
You can access your account using a backup code, as mentioned above. As well, you can turn off two-factor authentication after verifying your identity with one of our senior Clio Support staff members.
Does this affect Mobile access?
Yes. If two-factor authentication is activated for an account, you will need to use the code to log in to Clio mobile apps.
Will this system change again in the future?
Clio will always comply with security best practices. Ensuring that our users are securely accessing their information is a fundamental, and requirements are therefore subject to change.