1. Home
  2. Articles
  3. Security and Compliance

Set Up Multi-Factor Authentication

Updated

Your guide to ClioCon is here!

Explore sessions that help you automate more of your work.

Get the guide

Multi-factor authentication (MFA) strengthens account security by requiring more than one way to verify your identity. For your Clio account, this means logging in with your username and password and then completing a second verification step—by approving a push notification on the Clio for Law Firms and Lawyers mobile app, entering a time-sensitive code sent to your mobile device via text message (SMS), or entering a code generated by an authentication app or password manager. Enabling MFA adds an extra layer of security if your password is compromised.

Tip: If you are an administrator at your firm and have MFA enabled on your own account, you can invite or require other firm users to enable MFA on their accounts. Learn more about enabling firm-wide MFA.

Set up MFA via an authenticator app

Clio currently supports authentication through password managers (i.e., 1Password) or a standard authenticator app. We recommend using a password manager that can be installed on your work computer (desktop or browser extension). This allows you to generate a time-based one-time password (TOTP) required for login without needing to access a personal mobile device for every sign-in. Enabling MFA with an app or password manager generates a TOTP on your device or in your browser. This code is required to complete your login. 

What is a TOTP? A time-based one-time password (TOTP) is a temporary code generated by an algorithm. For your Clio account, this means a six-digit code that appears in your authentication app or password manager for 30 seconds before it is replaced with a new six-digit code.

Step 1: Download an authentication app

Before enabling MFA in your Clio account, download an authentication app or password manager on your smartphone or computer. Clio supports standard TOTP applications. Using a password manager lets you store and manage passwords and one-time passcodes in a single, secure location on your firm-managed devices.

Clio supports several applications, including the following:

  • Google Authenticator
  • 1Password
  • LastPass
  • Microsoft Authenticator
  • Duo Mobile
  • OneLogin

 

Step 2: Turn on MFA via authenticator app in Clio

After downloading an authentication app, you can enable MFA in your Clio Manage or Clio Grow settings. When MFA is enabled in one account, either Clio Manage or Grow, it is automatically enabled in the other account.

Clio Manage Clio Grow
  1. Go to Settings > Security & Compliance.
  2. Under My Security, click Update your security settings.
  3. Scroll down to Multi-factor authentication and click Set up multi-factor authentication.
  4. Enter your Clio login password and click Continue.
  5. Select Authenticator app from the list of options and click Continue.
  6. Open your authentication app and add a new account by clicking the + icon or by clicking add account.
  7. Use your device’s camera to scan the QR code that appears in Clio. You can also manually enter the secret key.
    • If the QR code is not visible, you may already have MFA set up on another device.
  8. In Clio, click Continue, enter the six-digit code generated by your authenticator, and then click Continue again.
  9. Click Done.

Tip: When prompted to enter the TOTP code at your next login, check the box for Keep me logged in for a week to extend your session by a week.

 

Set up MFA via text messaging

Clio supports authentication via text messaging (SMS). Enabling MFA using text messaging requires a phone that can receive SMS text messages, your Clio username and password, and a temporary code sent to your phone from Clio.

You can enable MFA in your Clio Manage or Clio Grow settings. When MFA is enabled in one account, it is automatically enabled in the other.

Note: The code sent to your mobile device will expire 10 minutes after being sent.

Clio Manage Clio Grow
  1. Go to Settings > Security and Compliance.
  2. Under My Security, click Update your security settings.
  3. Scroll down to Multi-factor authentication and click Set up multi-factor authentication.
  4. Enter your Clio login password and click Continue.
  5. Select Text message from the list of options and click Continue.
  6. Enter your primary phone number into the provided field and click Continue.
    • The field should automatically select your country and format your phone number.
  7. Enter the six-digit code sent to the mobile device connected to the provided phone number, and then click Continue.
  8. Click Done.

Tip: When prompted to enter the code at your next login, check the box to Keep me logged in for a week to extend your session by a week.

 

Use the Clio for Law Firms and Lawyers Mobile App for MFA verification

If you already have the Clio for Law Firms and Lawyers Mobile App installed and push notifications enabled on your device, push notification approval is sent to your phone by default when you log in to Clio Manage on the web. No additional setup is required.

When you log in on the web, you will receive a push notification on your phone asking if you just signed in to Clio from your web browser. Tap to approve, and your web session is authenticated.

If you used the Clio for Law Firms and Lawyers mobile app prior to setting up MFA, make sure that your notifications are turned on to receive push notifications as an MFA authentication method.

 

Download and use backup codes

Emergency backup codes can help you gain access to your account in case you lose your phone or lose access to your authentication app, and if you cannot sign in to Clio. See the steps below to learn how to download a copy of your backup codes in both Clio Manage and Clio Grow and how to enter a backup code when logging in.

Download backup codes:

Clio Manage Clio Grow
  1. Go to Settings > Security & Compliance.
  2. Under My Security, click Update your security settings.
  3. Scroll down to Multi-factor authentication.
  4. Next to Backup codes, click Download.
  5. Enter your Clio login password and click Continue.
  6. Download your backup codes and store them somewhere safe.

 

Enter backup code:

  1. Enter your username and password.
  2. Under Security code, click Use backup security code.
    • Do not enter the backup code in the Security code field.
  3. Under Emergency backup code, enter one of your backup codes and click Sign in.
Important: You can use any code to sign in, but each code can only be used once.

 

Troubleshoot MFA login issues

If you do not have access to your authenticator, you may still be able to log in to Clio since MFA sessions can be extended up to a week. If you can still log in, re-add your account to your new device or alternate authentication app.

Important: If your MFA code is not being accepted, check that the device where you are entering the code has the same timezone and time as the mobile device with the code. If the timezones of your devices are different, a code may be classified as 'expired'.

Tip: If you get a new phone, lose your device, cannot access your Clio account as described above, or do not have access to your backup codes, ask an administrator at your firm to disable MFA for your account.

Note: If none of the steps above are effective, you can recover your account or contact Clio's support team to get help with account recovery.

 

Need more help?

Was this article helpful?
0 out of 1 found this helpful