This article explains what two-factor authentication (2FA) is and how it benefits your account security, how to turn on 2FA in your Clio Manage and Grow accounts, and what to do if you are having trouble signing in.
Tip: If you're a Firm Administrator who has 2FA enabled on your account, you can invite or require firm users to enable 2FA on their accounts.
What It Is
2FA strengthens account security by requiring two methods to verify your identity. When you log in with your username and password, you will need to provide another piece of information before gaining access to the account. For your Clio account, this other piece of information is a time-sensitive code generated by an authentication app. With 2FA, you can take an important step toward protecting your Clio data.
With newer and more frequent cybersecurity attacks, passwords alone do not provide enough security to protect your accounts. By enabling 2FA, you are adding an extra layer of security in case your password is compromised. Even if someone knows your username and password, you have peace of mind knowing that they cannot access your account without the time-sensitive code from your authentication app. Adopting 2FA ultimately improves your data security and can prevent 99% of account takeovers.
What You Need
Note: Each user will need to set up 2FA on their own account.
- The smartphone that you will install the authentication app on.
- Your Clio username and password.
- The time-based one-time password (TOTP) generated by your authentication app.
What is a TOTP? A time-based one-time password (TOTP) is a temporary code or token generated by an algorithm that uses current time as an input. For your Clio account, this means a six-digit code that appears in your authentication app for 30 seconds before it is replaced with a new six-digit code.
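To make the TOTP description above concrete, here is an added example (not Clio's code) that derives a six-digit, 30-second code and checks it the way a sign-in service could. It assumes the RFC 6238 defaults (HMAC-SHA-1) and a Base32 secret for manual entry; the `Verifier` class, its one-step drift window, and the sample key are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds each code is valid (the 30-second window described above)
DIGITS = 6   # code length (the six-digit code described above)

def hotp(key, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA-1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key, now=None):
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second step."""
    now = time.time() if now is None else now
    return hotp(key, int(now // STEP))

def decode_secret(b32):
    """Decode a manually typed secret (assumed Base32, spaces and case ignored)."""
    cleaned = b32.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))

class Verifier:
    """Hypothetical server-side check: tolerate clock drift, reject reused codes."""
    def __init__(self, key, window=1):
        self.key, self.window, self.last_step = key, window, -1

    def verify(self, code, now=None):
        now = time.time() if now is None else now
        current = int(now // STEP)
        for step in range(current - self.window, current + self.window + 1):
            expected = hotp(self.key, step).encode()
            if step > self.last_step and hmac.compare_digest(expected, code.encode()):
                self.last_step = step  # an accepted code cannot be used again
                return True
        return False

# Constructed sample: the published RFC 6238 test key, not a real account secret.
SAMPLE_KEY = b"12345678901234567890"

if __name__ == "__main__":
    print(totp(SAMPLE_KEY, 59))
```

Because the phone and the service each derive the code from their own clock, a device whose time is badly out of sync produces codes that fall outside the accepted window.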
Turn On 2FA
Step 1: Download and Install an Authentication App
Before setting up 2FA on your account, start by downloading and installing an authentication app on your smartphone or computer. Clio Identity supports standard TOTP applications. Here are a few options:
- Authy, Google Authenticator, 1Password, Microsoft Authenticator, Duo Mobile, OneLogin.
Note: Clio recommends that our customers use Authy because it is available on more platforms (iOS, Android, Windows, Mac, and Linux) and offers optional encrypted cloud backup of your one-time password (OTP) tokens—this makes it easier to use on multiple devices and to restore your tokens if you lose access to your phone or get a new phone.
Step 2: Turn On 2FA in Clio
After downloading and installing an authentication app, turn on 2FA settings in Clio Manage or Clio Grow. When turned on in one account, 2FA will automatically be applied to the other account.
- Go to Settings.
  - In Clio Manage go to Security > My Security > Update your security settings.
  - In Clio Grow go to Personal > Security > Manage my security.
- In the new browser window, scroll down to Two-factor authentication (2FA) and click Enable 2FA.
- Enter your Clio log-in password and click Continue.
- In your authenticator, add a new account.
  - Tap the + icon or click "add account."
- Use your device's camera to scan the QR code or manually enter the code. Your Clio Manage account will be added to the authenticator.
- Go back to Clio Manage, click Continue, enter the six-digit code generated by your authenticator, and then click Continue.
- Save a copy of your emergency backup codes and then click Continue.
- Select Enable push notification if you prefer to receive a push notification to your mobile device instead of typing in the six-digit code generated by your authenticator.
  - You must be signed in to your Clio account on the Clio mobile app to receive the push notification.
- Follow the prompt and select either Sign in to Clio Grow or Sign in to Clio Manage.
- After entering your Clio username and password, enter the OTP code generated by your authenticator.
Tip: When prompted to enter the OTP code at your next log-in, check the "Keep me logged in" box to extend your session by a week.
If you lose your phone or lose access to your authentication app, and if you cannot sign in to Clio, you can use one of the emergency backup codes that you saved when you first set up 2FA in Clio. You can use any code to sign in, but each code can only be used once.
Tip: If you run out of emergency backup codes, ask your Firm Administrator or Primary Subscriber to disable 2FA for your account. When you re-enable 2FA, you will get a new set of backup codes.
Can't Sign In
If you do not have access to your authenticator, you may still be able to log in to Clio since 2FA sessions can be extended up to a week. If you can still log in, re-add your account to your new device or alternate authentication app.
- Go to Settings > Security > My Security > Update your security settings.
- Next to Security codes click View.
- Enter your Clio password.
- When the QR code appears, scan the code on your new device or alternate authentication app.
- Follow the prompts to complete setup.
If you get a new phone, lose your device, cannot access your Clio account as described above, or do not have access to your backup codes, you can ask your Firm Administrator to disable 2FA for your account.
Note: Authy is the most forgiving authentication app in case you lose your phone or get a new device. This is because you can store your OTP tokens, or six-digit codes, in an encrypted cloud backup.