Client Portal User Guide

Client Portal User Guide / Druide Account / Safeguarding your account

Safeguarding your account

Enabling two-factor authentication is recommended to safeguard your Druide account. Here’s how to set it up and use it.

Two-factor authentication (2FA)

2FA is a security measure that adds a second layer of verification when you log in with your Druide ID (email and password).

  1. The first factor is the password associated with your Druide ID. 2FA cannot be enabled with a login partner (Microsoft, Google, Apple or Facebook).
  2. The second factor is a code generated by an external authentication app that verifies your identity.

To enable 2FA, you must first configure an authentication app. There are many free or paid apps you can choose from (e.g. Microsoft Authenticator, Google Authenticator, 1Password, Authy, etc.). Pick one and set it up to add this extra layer of security to your Druide account.

Setting up 2FA in the Client Portal

Set up two-factor authentication for your Druide account in the Client Portal.

  1. Click the avatar and select My account from the drop-down menu.

  2. Go to the Security tab.

  3. Click Set up under Authentication app.

    1
    2
    3
  4. You will then see the steps for setting up 2FA using your authentication app.

    5 – Option 1
    5 – Option 2
    7
  5. Open your authentication app. There are two options for capturing the Client Portal data. Option 1: Scan the QR code with the authentication app. Option 2: Copy-paste the secret key in the corresponding field in the authentication app. This field is sometimes called One-Time Password.

  6. Follow the steps on your authentication app until you get an authentication code or one-time password made up of six digits. Copy this code.

  7. Return to the Client Portal, then click Next.

Note — This 6-digit code is temporary and changes quickly. If it expires before you use it, simply return to the authentication app and copy the new code.

  1. Paste the 6-digit code in the Authentication code field.

  2. Click Next.

8
9
  1. The Client Portal will provide five complex recovery codes. These codes should only be used for troubleshooting, for example, if you cannot access your authentication app.
    Copy these recovery codes and save them in a secure location.

    10
    11

Tip — Save your recovery codes in several secure locations so that you always have them on hand in case of authentication issues (e.g. working from home, loss of your device or problems accessing your authentication app).

  1. Click End to finish setting up 2FA.

Setting up a recovery email address (optional)

Link another email address to your Druide account to receive a recovery code in case any problems arise (for example, if you cannot access your authentication app).

Note — This step is optional for 2FA but will simplify the process in the event of authentication issues.

To do so, follow these steps:

  1. Click the Add an email address button under Recovery email address.

  2. Enter a recovery email address that is valid and different from the one used for your Druide account.

  3. Click Add.

  4. In your recovery email inbox, open the verification email you have received and follow the steps to confirm this email address. Once the email address has been verified, click I understand.

Didn’t receive a verification email?

Return to the Client Portal and correct the email address, if applicable, using the Change my recovery email address link.

[/info infofleche]

You will get a new email. Once the recovery email address has been verified, click I understand.

Logging in to your Druide account with 2FA

When you log in to your Druide account, you must first enter your password. If 2FA is enabled, the Client Portal will require a second authentication factor.

  1. Open your authentication app and copy the 6-digit code provided.
  2. Return to the Client Portal and paste this code in the Authentication code field.
  3. Click Confirm.

If the authentication app is connected to your browser, it might enter the code automatically.

2
3


Having issues with your authentication code?

If you cannot access the authentication app or if there’s a problem with your authentication code, use one of your recovery codes.

  1. Click the use a recovery code link.

    1
  2. Enter one of your recovery codes in the corresponding field.

  3. Click Confirm.

2
3

Note — Recovery codes can only be used once. If you lose or use all of them, you can generate new ones in your Client Portal.


Link to get a new recovery code

If there is a problem with your recovery codes, or if you don’t have any, you can request a new code if you have set up a recovery email address.

  1. Click you can request a code to be sent.

    1
  2. Go to your recovery email inbox.

  3. Copy the code in the email entitled “Your recovery code”.

  4. In the Client Portal, paste the code in the Recovery code field.

  5. Click Confirm.

4
5


Didn’t receive an email entitled “Your recovery code”?
Return to the Client Portal and click Resend email.

Copy the code from the email and paste it in the Recovery code field, then click Confirm.

Warning — The link to request a new code is only available if you have already added a recovery email address. Otherwise, please contact our customer service.


FAQ


I forgot my Druide account password. What should I do?

If you have forgotten your password, click Forgot your password? located under the Password field in the login window and enter the email address linked to your Druide ID. You will receive an email shortly thereafter to reset your password.


Can I enable 2FA if I only log in using a login partner?

No. An account created with a login partner (Microsoft, Google, Apple or Facebook) does not use a password, whereas 2FA is prompted only for password-based authentication. However, if a password is already linked to your account, enabling 2FA is recommended.


I hid my recovery codes too well and cannot find them anymore. What should I do?

You can generate new recovery codes in the Client Portal, in the Security tab of the My account section. Click the Regenerate button to get five new codes, which will overwrite the previous ones. Save the new codes in a secure location.

Warning — You must always have at least one valid recovery code. Generate new ones if needed. When you only have one left, you will be notified in the Client Portal.


Must I install an external authentication app to use 2FA or can I just request recovery codes?

To enable 2FA, you must first configure an authentication app. Recovery codes should only be used for troubleshooting if there are issues with your authentication codes. There are many free or paid apps you can choose from (e.g. Microsoft Authenticator, Google Authenticator, 1Password, Authy, etc.). Pick one and set it up to add 2FA to your Druide account.


I changed my authentication app. How can I change my Druide account settings?

To reconfigure your authentication app, go to your Client Portal, in the Security tab of the My account section. Click the Update button to remove the current authentication app and set up the new one.


My authentication app or my recovery codes have been compromised. What should I do?

As a precautionary measure, you must reset your security settings. To do this, follow these steps:

  1. Log in to the Client Portal.
    A) If your password no longer works, change it by clicking Forgot your password? and following the instructions.

    1A

    B) If you cannot use 2FA after entering your password, follow the steps to get a recovery code or request technical support to get one.

  2. Change your password if you have not done so in step 1. You can change it in the Profile tab of the My account section.

    2
  3. Go to the Security tab of the My account section.

    3A
    3B

    A) Click the Update button next to Configuration date. This will remove the authentication app from your account and allow you to set up a new one.
    B) Click the Regenerate button next to Recovery codes. The five new codes will overwrite the compromised ones. Save these new codes in a secure location.

  4. If your recovery email address has also been compromised, change it.

    4
  5. Lastly, check that no external login partners were added without your knowledge in the Login partners tab of the My account section. Remove any that you do not recognize or that have been compromised, if applicable.