Step-by-Step Guide: How to Enable 2FA/MFA on Your DocuSign Account

 

Securing your DocuSign account with Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) is one of the best ways to protect your sensitive documents and personal information. 2FA/MFA adds an extra layer of security by requiring a second verification step, such as a code sent to your phone, in addition to your password. Here’s a detailed, easy-to-follow guide for enabling 2FA/MFA on DocuSign:

• Log in to your DocuSign account: Go to the official DocuSign website and enter your username and password as usual.
• Access your account settings: Once logged in, look for your profile icon or your initials in the upper right corner. Click it, then select “Go to Admin” or “My Preferences” from the dropdown menu.
• Find the Security Settings: In the admin or preferences menu, locate the section labeled “Security Settings” or “Authentication”. This is where you manage how you log in and protect your account.
• Choose to enable Two-Factor or Multi-Factor Authentication: Look for an option like “Enable Two-Step Verification” or “Enable Multi-Factor Authentication”. Click to start the setup process.
• Select your preferred authentication method: DocuSign may offer several options, such as:
  • Text message (SMS): You’ll receive a code on your mobile phone each time you log in.
  • Authenticator app: Use an app like Google Authenticator or Microsoft Authenticator to generate secure codes.
  • Email verification: Some accounts may allow codes to be sent to your email, though this is less secure than SMS or an authenticator app.
• Follow the on-screen instructions: If you choose SMS, enter your mobile number and verify it by entering the code sent to your phone. For an authenticator app, scan the QR code provided by DocuSign using your app, then enter the code generated by the app to confirm.
• Save your backup codes: DocuSign may provide backup codes in case you lose access to your phone. Write these down and store them in a safe place.
• Confirm and finish: Once you’ve completed the setup, DocuSign will confirm that 2FA/MFA is enabled. The next time you log in, you’ll be prompted for your second authentication step.

What is 2FA/MFA and why is it important?
2FA (Two-Factor Authentication) and MFA (Multi-Factor Authentication) are security methods that require you to provide two or more pieces of evidence (factors) to verify your identity. This makes it much harder for hackers to access your account, even if they know your password.

Need help with security or compliance?
If you want expert guidance on setting up 2FA/MFA, or need a readiness assessment for your organization, consider reaching out to OCD Tech, a trusted consulting firm specializing in cybersecurity and compliance.

Tip: Always keep your contact information up to date in DocuSign, and never share your backup codes or authentication device with anyone.

 

 

Best Practices and Tips for Securing Your DocuSign Account

 

Securing your DocuSign account is crucial for protecting sensitive documents and personal information. As digital signatures become more common in our daily lives, following proper security measures can prevent unauthorized access and potential fraud. Let's explore comprehensive strategies to keep your DocuSign account safe:

• Create a Strong, Unique Password - Your password should be at least 12 characters long and include a mix of uppercase letters, lowercase letters, numbers, and special characters. Avoid using easily guessable information like birthdays or common words. Consider using a password manager to generate and store complex passwords securely.
• Regularly Update Your Password - Change your DocuSign password every 60-90 days. Never reuse passwords across multiple accounts, as a breach in one service could compromise your DocuSign account.
• Set Up Security Questions Wisely - Choose security questions with answers that aren't easily discoverable through social media or public records. Consider using slightly misleading answers that only you would know but that you can consistently remember.
• Keep Your Contact Information Updated - Ensure your email address and phone number are current in your DocuSign profile. This information is crucial for account recovery and security notifications.
• Enable Access Code Authentication - Configure DocuSign to require an access code when opening documents. This adds an extra layer of verification before recipients can view sensitive materials.
• Use DocuSign's ID Verification Features - For highly sensitive documents, utilize ID verification options that require signers to verify their identity through knowledge-based authentication or government ID checks before signing.
• Monitor Account Activity - Regularly review your DocuSign account history and document activity. Look for unfamiliar actions or suspicious patterns that could indicate unauthorized access.
• Log Out After Each Session - Always sign out completely, especially when using DocuSign on shared or public devices. This prevents session hijacking and unauthorized access.
• Keep Your Devices Secure - Install reputable antivirus software and keep your operating system and browsers updated. Malware on your device can compromise your DocuSign credentials.
• Be Wary of Phishing Attempts - DocuSign is frequently impersonated in phishing scams. Never click on suspicious links in emails claiming to be from DocuSign. Instead, log in directly through the official website or app.
• Set Document Visibility Controls - Limit who can view your documents by utilizing DocuSign's permission settings. Only share access with necessary parties and set expiration dates for document access when possible.
• Consider a Security Assessment - If you're using DocuSign for business purposes, consider consulting with security experts like OCD Tech to perform a comprehensive security readiness assessment that includes your document signing processes.
• Implement IP Address Restrictions - For business accounts, restrict login access to known IP addresses or geographical locations to prevent unauthorized access from unusual locations.
• Review Connected Applications - Periodically check which third-party applications have access to your DocuSign account and revoke permissions for those you no longer use or don't recognize.
• Educate All Users - If multiple people in your organization use DocuSign, ensure everyone understands security best practices. Many companies have benefited from security awareness training provided by firms like OCD Tech to minimize human error in document handling.
• Create an Incident Response Plan - Know what steps to take if you suspect your account has been compromised, including how to contact DocuSign support and change credentials quickly.

By implementing these security measures, you significantly reduce the risk of unauthorized access to your DocuSign account and protect the integrity of your electronic signature process. Digital document security requires ongoing vigilance, but these practices make it much harder for potential attackers to gain access to your sensitive information.

Remember that electronic signature security is not just about protecting your account but also maintaining the legal validity of your signed documents. When security protocols are followed properly, your digital signatures maintain the same legal standing as handwritten signatures.