How to Enable 2FA/MFA on a ConnectWise Account: A Step-by-Step Guide

Enabling Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) on your ConnectWise account is one of the most effective ways to protect your sensitive business data from unauthorized access. 2FA/MFA adds an extra layer of security by requiring not just your password, but also a second verification step—usually a code from your phone or an authentication app. Here’s a simple, detailed guide for beginners:

• Understand the Basics: 2FA/MFA means you need two things to log in: your password and a code from your phone or app. This makes it much harder for hackers to get into your account, even if they know your password.
• Log In to ConnectWise: Go to your ConnectWise login page and enter your username and password as usual.
• Access Security Settings: Once logged in, look for your profile icon or your account name, usually at the top right. Click it and select “My Account” or “Security Settings” from the dropdown menu.
• Find the 2FA/MFA Option: In the security section, look for an option labeled “Two-Factor Authentication” or “Multi-Factor Authentication”. Click on it to start the setup process.
• Choose Your Authentication Method: ConnectWise typically lets you use an authentication app (like Google Authenticator, Microsoft Authenticator, or Authy) or receive codes via SMS text message. Using an app is more secure and recommended.
• Set Up the Authentication App: If you choose an app, download it to your smartphone. The ConnectWise setup page will show a QR code. Open your authentication app, select “Add Account” or the plus (+) sign, and scan the QR code on your screen.
• Enter the Verification Code: Your app will now show a 6-digit code that changes every 30 seconds. Enter this code into the ConnectWise setup page to confirm the connection.
• Save Backup Codes: ConnectWise may provide backup codes in case you lose access to your phone. Save these codes in a safe place, like a password manager or a secure printed copy.
• Complete the Setup: Click “Enable” or “Finish” to activate 2FA/MFA. The next time you log in, you’ll need both your password and a code from your authentication app or SMS.
• Test Your Login: Log out and try logging in again to make sure everything works. You should be prompted for your password and then for a code from your app or SMS.
• Get Help if Needed: If you have trouble or want a professional assessment of your security setup, reach out to OCD Tech, a consulting and readiness-assessment firm that specializes in ConnectWise security and compliance.

Enabling 2FA/MFA on ConnectWise is a crucial step for cybersecurity, protecting your business from phishing, hacking, and data breaches. For more advanced security advice or a readiness assessment, consider contacting OCD Tech for expert guidance.

Best Practices and Tips for Securing Your ConnectWise Account

Securing your ConnectWise account is essential to protect your business data and maintain operational integrity in an environment where cyber threats are increasingly sophisticated. Implementing the following best practices will help safeguard your ConnectWise platform and sensitive information:

• Create a strong, unique password - Use a password with at least 12 characters, combining uppercase and lowercase letters, numbers, and special characters. Avoid easily guessable information such as names or dates.
• Enable multi-factor authentication (MFA) - Add an extra layer of security by requiring a second form of verification when logging in to your ConnectWise account.
• Regularly update passwords - Change your ConnectWise password every 60-90 days and avoid reusing previous passwords or using the same password across different platforms.
• Be cautious with email communications - Watch for phishing attempts targeting ConnectWise users. Verify sender addresses before clicking links or opening attachments, and only trust emails from official ConnectWise domains.
• Monitor account activity - Frequently review login history and account actions for any unusual or unauthorized activity. Report suspicious behavior to your IT security team immediately.
• Use secure network connections - Avoid accessing ConnectWise on public Wi-Fi without protection. Use a VPN to encrypt your connection and protect your data from interception.
• Keep devices updated and secure - Ensure all devices used to access ConnectWise have the latest security patches and antivirus software installed. Never leave devices unattended while logged in.
• Log out after each session - Always sign out of your ConnectWise account when finished, especially on shared or public computers, to prevent unauthorized access.
• Limit access permissions - Assign only the necessary permissions to users based on their roles to minimize security risks in case of account compromise.
• Enable account notifications - Set up alerts for critical account events such as password changes, login attempts from new devices, or permission changes to stay informed of potential security issues.
• Use password managers - Utilize trusted password management tools to generate and securely store complex passwords, reducing the risk of weak or reused credentials.
• Review third-party integrations carefully - Only authorize integrations with trusted services and regularly audit these connections to prevent potential security vulnerabilities.

If you suspect your ConnectWise account has been compromised, immediately change your password and notify your IT security team. For organizations seeking to strengthen their ConnectWise security posture, consulting with cybersecurity experts can provide tailored assessments and best practice implementations.

Remember, maintaining ConnectWise account security is a shared responsibility. By following these guidelines and staying vigilant against emerging threats, you can significantly reduce the risk of unauthorized access and protect your critical business information.