What is ServiceM8’s Two-Step Authentication (2SA)?
ServiceM8’s Two-Step Authentication (2SA) is an easy way to improve your business’s protection against cyber criminals and others seeking unauthorised access your ServiceM8 account. With ServiceM8’s 2SA, in addition to providing your username and password, you’re also sent an SMS (text) with a unique 6-digit code for you to enter, thereby adding a second ‘step’ to authenticating your ServiceM8 account access. 2SA is available on all standard ServiceM8 accounts and is optional to activate. For instructions on how to activate this measure, see How to set up Two Step Authentication.Why would I activate 2SA?
Online criminals are constantly using phishing, malware and other scams in an attempt to obtain sensitive credentials such as usernames and passwords, which they then use to impersonate you and access your online services (such as ServiceM8). Your ServiceM8 account contains your clients’ personal information, and sensitive business data (including your invoicing and payment details), making it a target for criminals. So, it’s not only in your interest to protect your account’s security, it’s also your responsibility. Maintaining a strong, unique and secret password, as well as good online security practices, is an essential starting point. ServiceM8’s 2SA adds another layer of security, requiring the entry of a 6-digit code which is sent to your mobile phone when you want to log in or perform certain account actions. This means someone would need to know both your username and password, and have access to your text messages, to gain access. This makes it much harder for someone to impersonate you and access your account, even if they have your username and password.How does 2SA affect my day-to-day ServiceM8 usage?
Once activated, the 2SA process applies:- Every time you login to the ServiceM8 app
- Every time you login to the Online Dashboard
- Exporting account data, such as Client or Job exports
- Generating Account Backups
- Changing Staff details
- Accessing Account Owner settings
- Changing Account Owner details
- Transferring account ownership
- Cancelling the ServiceM8 account
Is activation of 2SA on my ServiceM8 account mandatory?
Activation of ServiceM8’s Two-Step Authentication is a requirement for all ServiceM8 accounts connected to a Xero account. Use of Two-Step Authentication for all other customers will continue to be optional, but recommended.Can I use a Passkey?
Yes! ServiceM8 supports the ability to save a passkey for your ServiceM8 login, and ‘Sign in with Passkey’ as an alternative second step of authentication, instead of entering a 6-digit code received via SMS/push notification. Learn more about Sign in with Passkey.Can I control which users in my account require 2SA?
To a degree. The Account Owner can activate 2SA for either the Account Owner only, or all staff within the ServiceM8 account. The Account Owner can toggle between these two options, however once activated there is no option to deactivate 2SA altogether.How do I login if I don’t receive the SMS code?
If you don’t receive the SMS authentication code within a couple of minutes, use the “Send again” button (Online) or reattempt the login process (App) to request ServiceM8 to send another code. If you still don’t receive the code:- If you are the Account Owner, you can answer your Security Questions instead to authenticate your login (Online Dashboard login only). Security Questions can be set in Settings > ServiceM8 Account > Account Owner Settings. Use of Security Questions to login will prompt an automatic notification email & SMS to the Account Owner that the Security Questions have been used to authenticate a login;
- Otherwise, you will need to contact the Account Owner and request they check your mobile/cell phone number is saved correctly in Staff Settings, or disable 2SA for non-Account Owner staff.