Welcome to the next level of Authentication
This page serves as your guide to MFA.
Your Guide To MFA
Multi-factor authentication (or MFA, for short) asks individuals for a secondary confirmation of their identity at log in. Our organization requires using a physical device in the user’s possession (mobile app or hardware key). Passwords are essential for security and privacy, but they are often not enough. MFA is the most effective method of account takeover prevention, helping to protect you, the organization, and the data of all parties.
For a primer on MFA and its importance, please visit CISA.gov: More than a Password
Evo Secure is the MFA we have chosen to protect your organization. It creates an “Invisible layer” that centralizes and protects all parts of the organization. Using Multi-factor Authentication and access controls to prevent all methods of login hacks. Users no longer need to do anything on their own. Using Evo Security makes it extremely difficult for a cyber-criminal to be successful.
Download and install the app
- With your favorite supported mobile or tablet device in hand. Open the respective app store.
- In the app stores search field, enter Evo Secure.
- Click the Evo Secure Login app.
- Click Get (iOS) or Install (Android).
First time app activation
- The very first time you use the Evo Secure Login mobile app, you’ll be presented with the welcome screen, which will require you to scan the Evo Secure QR Code
- If you’re a new user to your organizations instance of Evo, follow the steps in the welcome email. If you didn’t receive a welcome email, contact your organizations administrator.
Click Scan QR to continue.
- Once the QR Code has been successfully scanned, click Continue.
- Answer the security questions, click Save.
- Congratulations! You have completed the initial setup of your Evo Secure Login mobile app.
- Note: Evo app requires biometric capability on your mobile device, such as fingerprint or facial recognition. If your device is not capable of this please use a different authenticator.
When you open the Evo Secure Login mobile app, you’ll be required to authenticate based on your mobile devices’ security and biometrics settings.
The main page of the mobile app will show your Evo and Third-Party keys.
- Clicking the appropriate key will present you with the one-time authentication code.
- You can collapse (hide) or expand (reveal) all if your keys by clicking the to the left of each key heading.
- From the main mobile app page, click the button with the three lines.
- Click Offline Codes.
- Answer the security questions associated with your Evo account.
- Click Done.
- Click the account you’d like to see the offline codes for.
- Click Done.
Add new keys
Adding new keys to the Evo Secure Login mobile app is super easy.
From the main page of the mobile app, click the plus icon. Scan the QR Code.
How to restore 3rd party keys
If for any reason you needed to reinstall the Evo Secure Login app you can restore your 3rd party keys with a click of a button. Restoring 3rd party keys is great, especially if you have several keys tied to your organizations instance of Evo Security.
- Open the newly installed Evo Secure Login mobile app.
- Click Restore.
- Answer the security questions associated with your Evo account.
- Click Done.
Optionally you can choose to start fresh and not restore your keys.
To do this, you will need a new QR Code to scan, or a new one-time code to login into your organizations Evo portal, your organizations administrator should be able to help you with that.
Once you have the new QR Code, from the apps splash page, click Continue, and scan the code
Supported devices and versions
(watch OS 7 and above)
If you have your Apple watch set to install all apps that are installed on your iPhone, you should be all set to start using the Evo Secure Login watch app.
- From your Apple mobile device, open the Watch app.
- From the Watch app, tap My Watch.
- Scroll down to Available Apps.
- Tap Install for the Evo Secure Login app.
Congratulations! You have completed the installation of your Evo Secure Login watchOS app.
The watch app works just like you’d expect. When a push notification is sent it will be received by both your iPhone and your Apple watch. Allowing you to accept or decline the push notification from other.
The difference however is with the Apple watch, you’ll notice that there are 3-buttons available, rather than the standard 2 that you see on the iPhone.
- Approve > Approves the push notification OTP and completes the login.
- Deny > Denies the push notification OTP and prevents the login from proceeding. Requiring you to request a new push notification if login is still required.
- Dismiss > Closes the application, resulting in no action taken. If you select Dismiss, you can still approve or deny the push notification from your iPhone.
When a user logs into their computer via the Evo Credential Provider, the credential provider prompts the user to enter their username and password.
•The username and password combination are for the Windows/AD account.
•If the account is recognized, the credential provider progresses to a new screen where it prompts the user to enter an MFA code.
**If the user does not see the next screen, it is because:
- Evo Credential Provider could have been configured incorrectly.
- The user does not have an Active Domain account registered on Evo.
- Possible network problems.
•If the user approves the push notification, or if they successfully enter the MFA code in the ECP, and the Windows credentials are correct, then Windows will logon the user.
If the user is prompted for an OTP, but the push notification was not received. It could be a result of:
- The user has not set up the Evo Secure Login mobile app for their AD account on their phone.
- The AD account is mapped in the Evo system to a different email account than what the user expects.
Error scenarios for Windows Login
When the user tries to log into Windows using the ECP, there are several ways that the system can fail to logon.
- The user enters an incorrect password for the system. In that case, the user will be displayed a message ofThe username or password is incorrect.
- The user manually enters the MFA code, the MFA code may be incorrect. In that case, the ECP will display a message of Wrong One-Time Password!
- The user enters an account name that the Evo system cannot find, then the ECP will display a message like Unable to connect to server. There may be more than one reason this message could be displayed: User has not been synced to Evo with the entered username/email address.
- If the user’s network is down or the Evo website is somehow down, the user can receive the above-mentioned message. If it is a networking problem. The user has a previous successful login on the machine, then there should be some stored offline MFA codes. In that case, the user will see a display message of Whoops! Please use the offline code optoin in the Evo mobile app on your registered device.
- If the user would like to back out of any sign-in flows, make sure the text boxes are empty and hit ENTER/RETURN. This will cancel the sign-in flow and back the user out.
When a user logs into Evo via the web page, the user enters their email address and password. Based upon this combination, the system sends a push notification to the Evo Secure Login mobile app and if accepted, logs in the user.
Our Evo Secure Login Mobile App allows users to access an offline code in the event that they do not have internet access to their secured device, such as a laptop or a desktop, with the Evo Credential Provider.
NOTE: Offline codes are only used with Secure Logins only. You cannot perform an Elevated Login (elevated access) with offline codes as Elevated Access requires internet connection.
1. Offline code only works if user(s) had signed in the PC using Secure Login app before the internet was down. Then the Offline option will pop up for the user can enter offline code, like the photos below.
** For Offline Access, the local username should be used to login not email address.
2. If a user never signed in before, it would pop up an error message. So, offline code will not work for this user.
To access your offline codes:
1. On your Evo Mobile App, you should notice 3 dots (or lines) next to the “+” sign at the top right.
2. Clicking this screen will reveal detailed information about the app, such as turning on logging or app version. You will also notice the “offline codes” button.
3. After clicking there, you will be presented with your security questions. Answer those questions accordingly,
4. After answering those security questions, you’ll be presented with a list of your Evo keys/accounts.
5. Select one of these accounts, and your offline code is revealed!
While we recommend using the Evo Secure Login app for your MFA needs, you are free to other mobile authenticators such as Google Authenticator for your MFA needs. However, this comes with a few drawbacks if you choose to go this route:
- You will not receive push notifications to your device
- You will not be able to access an offline code
- You will not be able to restore your code(s)
- You will not be able to log into a corporate device if it is not online
*Do note, we do not support third-party authenticator apps. So, if you experience issues there, we are unable to provide support.
Google Authenticator: Android (https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2) | Apple (Google Authenticator on the App Store (apple.com)
Microsoft Authenticator: Microsoft Mobile Phone Authenticator App | Microsoft Security
If you need further assistance, please reach out to DoveIT support.
Downloading an MFA app like Evo Secure Login is safe as it provides an extra layer of security by generating time-sensitive codes for two-factor authentication.
This app only has access to minimal information on your phone, solely focusing on generating secure codes and enhancing the overall protection of your accounts. Location permission is used to authorize where you are located when you approve any login. Dove does not allow any logins outside of the US or Canada for Company security. Notification permissions on the EVO app allow it to send you a Push notification (you can get the language from the relevant links
In the world of cybersecurity, hackers now focus on exploiting users more than computers, aiming to access organization data with authorized users like you. Using data from the dark web, lists of known passwords, and even some social engineering, the goal is to impersonate you to gain access. As a response, organizations need additional ways to verify that a user account requesting access is really the individual in question.
In truth, about 90% of successful attacks are due to login breaches , and 60% of small businesses hit by a ransomware or other breach event won’t survive more than six months. If important now more than ever to ensure your organization is safe. By adding Multi-Factor Authentication (MFA), we can disable 99% of the impersonation attempts at once.
“Our organization is too small for a hacker to care!”
Cyber Criminals are smart, and hacking is a business. They know it’s not about how small you are, but how much you’re willing to pay to get back what they’re holding hostage. They now look for easy targets.
Passwords and their complexity have done a great job so far, and are still needed for a secure user experience, but the sad truth is that, no matter the complexity, passwords are almost trivial to overcome. Many individuals use the same password for work and personal, and most people have already been breached, leaving breadcrumbs for attackers to follow. Even the most complex password with 8 characters can be deciphered by tools in about 8 hours.
No, if requested, a physical hardware key will be provided, but all emails, teams, and other company resources will be removed from personal devices and only accessible from corporate owned devices.
•Replacement keys if lost or stolen will be replaced at a cost of $45.
If you would like to pursue this option, please reach out to DoveIT Support.