Your account has access to a great deal of information. Whether it is only your personal information or that of all employees, it is critical to have controls protecting this access.

Compromised Credentials:

Keeping your username and password (your credentials) confidential is the first line of defense and a significant control for protecting your online accounts.

Paycor’s systems allow passwords up to 120 characters long and require passwords to be changed at least annually.

Multifactor Authentication:

Multifactor authentication is the best answer to combatting compromised credentials. Multifactor authentication (MFA) is a method of user identification that requires more than one method of authentication, drawn from something the person knows (password), something the person has (security token), or something the person is (biometrics). For example, when you swipe a debit card, your bank will also require a PIN. This is an example of a transaction protected by a second factor: you have your debit card and you know your PIN. If someone steals your debit card, they shouldn’t know your PIN. If someone else watches you type in your PIN, they should not have your debit card.

The most common implementation of this is two-step authentication, which requires the user to know a temporary code sent via text message, phone call, or email message. By knowing this one-time password (OTP), you prove you have access to the email or phone. For someone else to get into your account, they would need access to your machine, your email/phone, and your username and password.

Our implementation also allows you to remember your device for up to 90 days, so that you are not prompted at each sign-in from a known device. If you would like to be prompted each time, you can uncheck this option.

Because the code is sent via email or phone, it is important to protect access to these devices. If you lose control of these devices, a malicious user could use them to authenticate as you. We strongly recommend enabling MFA (or, more precisely, two-step authentication) on the email accounts you use with Paycor.com. Emails are used for account recovery and password reset flows. If a malicious user has access to your email, they could potentially initiate a password reset and gain access to your account that way.

Paycor requires two-step authentication for all user accounts that have administrator-level access. Clients may request this to be enabled for their employees.