Overview
- Two-step authentication (2SA) adds another layer of security to your ServiceM8 account access. It is stronger than relying on a username and password alone.
- With 2SA, in addition to providing your username and password, you’re also sent an SMS (text) with a unique code for you to enter, thereby adding a second ‘step’ to authenticating your ServiceM8 account access.
- The 2SA process is used when logging in to the ServiceM8 app or Online Dashboard, exporting sensitive account data, or changing significant account settings.
- 2SA can be enabled for the account owner only, or all staff in the account.
- ServiceM8’s 2SA is optional to activate, but once activated there is no option to deactivate it.
NOTE: In 2023, activation of ServiceM8’s Two-Step Authentication will become a requirement for all ServiceM8 accounts connected to a Xero account. Use of Two-Step Authentication for all other customers will continue to be optional, but recommended.
Why you should activate Two-Step Authentication (2SA)
ServiceM8’s Two-Step Authentication (2SA) is an easy way to improve your business’s protection against cyber criminals and others seeking unauthorised access your ServiceM8 account. Online criminals are constantly using phishing, malware and other scams in an attempt to obtain sensitive credentials such as usernames and passwords, which they then use to impersonate you and access your online services (such as ServiceM8).
Your ServiceM8 account contains your clients’ personal information, and sensitive business data (including your invoicing and payment details), making it a target for criminals. So, it’s not only in your interest to protect your account’s security — it’s also your responsibility.
Maintaining a strong, unique and secret password, as well as good online security practices, is an essential starting point. ServiceM8’s 2SA adds another layer of security, requiring the entry of a 6-digit code which is sent to your mobile device when you want to log in or perform certain account actions.
This means someone would need to know both your username and password, and have access to your text messages, to gain access. This makes it much harder for someone to impersonate you and access your account, even if they have your username and password.
How Two-Step Authentication (2SA) works
With ServiceM8’s 2SA, in addition to providing your username and password, you’re also sent an SMS (text) with a unique 6-digit code for you to enter, thereby adding a second ‘step’ to authenticating your ServiceM8 account access:
Example — 2SA when logging into the ServiceM8 app:
Once activated, the 2SA process applies:
- Every time you login to the ServiceM8 app; and
- Every time you login to the Online Dashboard (via web browser);
A similar SMS authentication process will also apply to the following actions:
- Every time when exporting sensitive account data, such as Client or Job exports, or Account Backups; and
- Every time when performing significant account management tasks, such as changing staff or account owner details.
Example — 2SA when logging into the ServiceM8 Online Dashboard:
NOTE: ServiceM8 also supports Passkeys i.e. you can save a passkey to your ServiceM8 login on your iOS device, and 'Sign in with Passkey' as an alternative second step of authentication to waiting for a 6-digit code. Learn more about Sign in with Passkey.
How to set up Two-Step Authentication (2SA)
2SA can be enabled in a few minutes by the Account Owner, through their Account Owner Settings.
Important notes:
- Activation of Two-Step Authentication is a one-way process. Once 2SA is activated, there is no option to deactivate it.
- 2SA is not available to ServiceM8 Franchise account types (Franchisee or Head Office accounts), Intuit Single Sign On (SSO) accounts, or AppDirect Marketplace accounts.
- In the event of a transfer of account ownership, the new Account Owner will need to reactivate 2SA.
- To enable 2SA, in the Online Dashboard, go to Settings > ServiceM8 Account > Account Owner Settings > Two Step Authentication settings.
- Confirm your mobile/cell phone number.
- Enter the 6-digit code you should receive via SMS (text).
- If you haven't already, set three Security Questions. These can be used as a backup when you don't have access to your mobile phone.
- Choose whether to enable 2SA for the Account Owner only OR All staff within the ServiceM8 account, then finalise the setup process.
- Update to the latest version of the ServiceM8 app on all iOS devices.
How to login to the ServiceM8 app with 2SA
- Ensure you've downloaded the latest version of the ServiceM8 app from the App Store.
- To sign into the ServiceM8 app with 2SA enabled, sign in with your email and password as usual.
- If a mobile/cell phone number is not saved to your staff profile, you will be asked to enter one. This mobile number will be used to send you SMS authentication codes. If your mobile number is already saved, you will not see this step.
- ServiceM8 will send a 6-digit authentication code to your mobile number (you will need mobile/cell reception to receive SMS messages). Enter this code and tap Continue to login. Note that devices running iOS 12 or later may suggest the code when the message is received.
If you have mobile/cell reception but do not receive an SMS with your code within a couple of minutes, you can re-attempt the login process to request another code. If you still do not receive an SMS, ask the Account Owner to check that your mobile phone number is saved correctly in Staff settings.
How to login to the Online Dashboard with 2SA
- To sign into the Online Dashboard with 2SA enabled, sign in at https://www.servicem8.com/login-page with your email and password as usual.
- If a mobile/cell phone number is not saved to your staff profile, you will be asked to enter one. This mobile number will be used to send you SMS authentication codes. If your mobile number is already saved, you will not see this step.
- ServiceM8 will send a 6-digit authentication code to your mobile number (you will need mobile/cell reception to receive SMS messages). Enter this code and click Continue to login.
If you have mobile/cell reception but do not receive an SMS with your code within a couple of minutes, click “Send again” to request another code. If you still do not receive an SMS, ask the Account Owner to check that your mobile phone number is saved correctly in Staff Settings.
If you are the Account Owner and don't have access to your text messages, you can also login by answering your Security Questions (Online Dashboard login only). Security Questions can be set in Settings > ServiceM8 Account > Account Owner Settings. Use of Security Questions to login will prompt an automatic notification email & SMS to the Account Owner that the Security Questions have been used to authenticate a login.
How 2SA works with other account usage
Enabling 2SA also prompts users to go through a similar authentication process when performing certain actions with sensitive account data or settings, even after you've logged into your account. Account actions which require SMS code authentication include:
- Exporting account data, such as Client or Job exports
- Generating Account Backups
- Changing Staff details
- Accessing Account Owner Settings
- Changing Account Owner details
- Transferring account ownership
- Cancelling the ServiceM8 account
Example — attempting to export the Client List from the Reports tab online requires an SMS verification code:
For more information on the specifics of how ServiceM8's Two Step Authentication works, see Two Step Authentication — Frequently Asked Questions.