Introduction
Lawmaker uses multi-factor authentication to make the application more secure.
The first time you sign in after your account has been created (or reset)
After you’ve updated your password, you’ll be asked to set up MFA.
To do this you will need to install an authenticator app on your mobile phone if you don't already have one. There are a range of authenticator apps for Android phones and iPhones including Google Authenticator and Microsoft Authenticator - they all work in a similar way.
Be aware you will never be asked to pay any money when signing up to activate your Lawmaker account. This is a scam. If you are asked to subscribe or make a payment, stop immediately and remove the app from your phone.
Lawmaker will display a QR code on the screen. Open your authenticator app and click on the plus sign to add a new account. Follow the instructions in the app to scan the code on your computer’s screen. This will link your Lawmaker user account with the authenticator app and the app will start producing codes that can be used for signing in to Lawmaker.
Type in the code that is currently showing on the app and click Verify Security Token.
When you sign in for a second or subsequent time
Whenever you login in future you will first be asked for your username and password. You may then be asked to also provide a code from your authenticator app to provide additional assurance of your identity.
If the dialogue box above appears then open up your authentication app on your phone. Type the code showing on the phone into the dialogue box and click Continue.
What happens if I get a new phone or lose my phone?
If you get a new phone then the authenticator app will enable you to transfer your MFA keys from the old phone to the new phone (e.g. the old phone will generate a QR code which can be scanned into the new phone). Some authenticator apps also enable you to do a secure backup of your keys as another way of retrieving them on a new phone.
If you lost your phone and so were unable to transfer your keys to a new device then contact Lawmaker support to get your account reset.
More information about MFA
What is "multi-factor authentication"?
Multi-factor authentication means a user is only granted access to a system if they provide two or more different kinds of evidence as to their identity.
A password is one piece of evidence (it is something only the user should know). Further evidence can be something the user has in their possession (such as a card or USB stick) or an inherent characteristic of the user (e.g. a fingerprint).
For Lawmaker, in addition to providing a password, you will sometimes be asked to provide evidence that you have something in your possession (a mobile phone or tablet). The evidence will be a code generated by an app on your phone.
MFA makes Lawmaker more secure because, while it is conceivable that someone could find out your password or get hold of your phone, it would be difficult for someone to manage both at the same time.
How does it work in Lawmaker?
When you set up MFA and scan the QR code with your authenticator app, that code contains a unique key produced by Lawmaker (the key is essentially a very long and unique password).
The key gets stored in the authenticator app.
The authenticator app then uses a cryptographic algorithm to generate a six-digit code derived from the key plus the current time (hence why it changes all the time). The cryptography is needed so no-one intercepting your six-digit code can work out what the original key was.
Since Lawmaker knows what the key is, it can use the same algorithm to check that the code you type is valid. And since only your phone and Lawmaker should know what the key is (it is a shared “secret”) typing in a correct code is evidence that you have access to your phone and hence you are likely to be who you say you are.
What information about me or my Lawmaker account is stored on my phone?
The only thing stored on your phone is the key, i.e. the long code generated when you set up MFA. It is stored securely within the authenticator app. The code in itself does not contain any information about you or the Lawmaker application (it is essentially just a unique, random number). Equally, the Lawmaker application does not store any information about you or your phone as a result of setting up MFA.