...
Introduction
Lawmaker uses multi-factor authentication to make the application more secure. Because of the additional security it provides, we will be able to make the application accessible from a wider range of locations and devices, enhancing resilience. (Note the expectation remains that you should access Lawmaker from a corporate device unless you are unable to do so, e.g., because the corporate network is not working).
...
The first time you sign in
...
Reset password
Your password will have been reset to a temporary password (communicated to you separately). When you login for the first time after the new release has been deployed, you will be asked to change it.
You can change it to what it was before or choose a new password. The password must be at least 10 characters long and must not be easily guessable (e.g. "password123"). We recommend you use three short words.
Set up MFA
After you have entered a password, you will be asked to setup MFA.
...
after your account has been created (or reset)
After you’ve updated your password, you’ll be asked to set up MFA.
To do this you will need to install an authenticator app on your mobile phone if you don't already have one. There are a range of authenticator apps for Android phones and iPhones including Google Authenticator and Microsoft Authenticator - they all work in a similar way.
Lawmaker will display a QR code on the screen. Open your authenticator app and use it to scan the code that is shown. This will link your Lawmaker user account with the authenticator app and the app will start producing codes that can be used for signing in to Lawmaker.On the "Set up MFA" page of Lawmaker, type
...
Type in the code that is currently showing on the app and click "Verify Security Token".
You will then be taken to the Lawmaker dashboard and can continue working as normal.
...
When you sign in for a second or subsequent time
...
Whenever you login in future you will continue to first be asked for your username and password and you . You may then be asked to also provide a code from your authenticator app to provide additional assurance of your identity.
...
If the dialogue box above appears then open up your authentication app on your phone. Type the code showing on the phone into the dialogue box and click Continue.
What happens if I get a new phone or lose my phone?
If you get a new phone then the authenticator app will enable you to transfer your MFA keys from the old phone to the new phone (e.g. the old phone will generate a QR code which can be scanned into the new phone). Some authenticator apps also enable you to do a secure backup of your keys as another way of retrieving them on a new phone.
If you lost your phone and so were unable to transfer your keys to a new device the appropriate action would be to ask for your account to be reset by an administrator so you could then setup MFA on a new phone (or on your old phone if you find it again). The administrator will need to be satisfied that it is a genuine request before proceeding to reset your account.
Help and support
If you have any problems signing in you should continue to contact your organisation's product owner in the first instance who will raise matters with the LDAPP project team as necessarythen contact Lawmaker support to get your account reset.
More information about MFA
What is "multi-factor authentication"?
Multi-factor authentication means a user is only granted access to a system if they provide two or more different kinds of evidence as to their identity.
...
MFA makes Lawmaker more secure because, while it is conceivable that someone could find out your password or get hold of your phone, it would be difficult for someone to manage both at the same time.
How does it work in Lawmaker?
When you set up MFA and scan the QR code with your authenticator app, that code contains a unique key produced by Lawmaker (the key is essentially a very long and unique password).
...
Since Lawmaker knows what the key is, it can use the same algorithm to check that the code you type is valid. And since only your phone and Lawmaker should know what the key is (it is a shared “secret”) typing in a correct code is evidence that you have access to your phone and hence you are likely to be who you say you are.
What information about me or my Lawmaker account is stored on my phone?
The only thing stored on your phone is the key, i.e. the long code generated when you set up MFA. It is stored securely within the authenticator app. The code in itself does not contain any information about you or the Lawmaker application (it is essentially just a unique, random number). Equally, the Lawmaker application does not store any information about you or your phone as a result of setting up MFA.