InterActive Legal MFA Policy 

Updated January 24, 2023

What is MFA? 

MFA, or Multi-Factor Authentication, is a method in which a user is granted access to a system by presenting two or more pieces of evidence to verify the user’s identity.  The most common method used to implement MFA on websites is to require 1) a user’s password, and 2) a PIN code which is retrieved via SMS (e.g., text message), Email, or a third-party authenticator app. 

Combining these two factors of authentication can provide an additional layer of security when a user’s password has been exposed to a hacker.  The hacker will need the second factor of authentication in addition to the password to access the user’s account. 

The online version of InterActive LegalSuite published by ILS Management, LLC allows users to opt-in to using MFA to better secure their accounts and client data. Users with MFA enabled will be prompted to enter a valid email address and password (the first factor), as well as an authentication code generated using a third-party MFA authenticator app (the second factor).

Virtual MFA authenticator apps for smartphones can be installed from the app store that is specific to the phone type.  The following is a list of virtual MFA apps that may be available in your phone’s app store, and which are compatible with the MFA feature in the online version of InterActive LegalSuite™: 

  • Google Authenticator 
  • LastPass Authenticator 
  • Microsoft Authenticator 
  • Duo Mobile 
  • Authy 

Should I use MFA? 

Though users currently are not required to enable the MFA feature, InterActive Legal strongly recommends our users enable MFA for their accounts.  InterActive Legal takes security very seriously (review our Security Overview).  However, even the most secure system cannot protect against the vulnerabilities inherent in passwords.  Even if your password is stored through a password service like Bitwarden or LastPass, or the password is 50 characters long, there is always a chance that the password can be compromised.  MFA provides you one more layer of security to help prevent your data from also being compromised.   

While enabling MFA requires you to take an additional step to access your account, the benefits of protecting your data far outweigh the cost of your data being compromised. 

How do I enable MFA? 

MFA can be enabled by going to https://www.smartcontent.interactivelegal.com/profile/security 

You must be logged in to enable MFA. Once you are on this page click the green “Enable MFA” button.  If you already have MFA enabled, this button will show “Disable MFA”. 

What happens if I lose my device with my MFA code generator? 

When you first configure your MFA device on InterActive LegalSuite™, you will be prompted to save several Recovery Codes.  These codes can be used to grant you access to the system, just as the 6-digit PIN from your authenticator app does. 

When you log in with your email and password and are prompted for your MFA PIN, you may use one of these recovery codes in lieu of the PIN from the app.  It is important to note that these PINs are only useable once, and you will not be able to login using the same recovery code again.  For that reason, they should only be used if you are unable to access your authenticator app for any reason. 

We highly recommend you store these recovery codes on a separate device from the one on which your authenticator app is installed, or in a separate location.  You can store them on another computer, or you can print them out and store them in a safe place.  Never store your password with these codes. 

What happens if I lose my recovery codes? 

Unfortunately, this is the worst-case scenario when using MFA.  Should you lose access to your MFA authenticator app and your recovery codes, InterActive Legal will NOT be able to recover your account.  This security measure is necessary to ensure that no unauthorized person can gain access to your account.  In a time of identity theft, social engineering, and remote work, sophisticated hackers can gather personal data regarding their victims that could be used to effectively impersonate them.  There is no way for InterActive Legal employees to verify your identity with 100% accuracy in order to provide you with access to your account, in the event that you are unable to access your MFA authenticator or your recovery codes.  We hope you understand that we are placing the safety of your client’s data over all other priorities. 

In this unlikely event, we will make every effort to allow you to continue to draft documents using InterActive LegalSuite™ by providing you with access to a new account.  This new account would not have any of your previous account’s client data but will allow you continue working and using InterActive LegalSuite. 

We use cookies to make interactions with our websites and services easy and meaningful, and to tailor advertising. May we have your consent to use cookies to track your activities? Accept Read our Privacy Notice.