A change is coming to how you log into Pillar

This FAQ document is here to help you navigate the rollout of MFA login in Pillar. If you need any further assistance, please don't hesitate to contact the team at support@pillargrc.com with your questions.

Q: Why is Pillar changing the authentication process?
A: We are implementing multi-factor authentication (MFA) as part of our continued pursuit of security best practices.

Q: Will I have to reset my account to regain access?
A: No, your existing account will continue to be accessible via an email magic link, Google SSO or Microsoft SSO.

Q: Will my existing Google/Microsoft SSO authentication still work?
A: Yes, if you have used Google or Microsoft to log on to Pillar in the past, this will continue to work as always, no need to reset.

Q: How secure is my login information going forward, and where is it stored?
A: We use a trusted third-party authentication provider called WorkOS, which keeps all authentication information secure and located in the US. You can read more about WorkOS’s security practices on their website.

Q: My team and I use the same account to log in to Pillar. Can we turn off MFA?
A: Sharing accounts is not best practice for security, and enabling MFA will likely prevent this practice going forward. The Pillar platform can accommodate as many users as your business needs to conduct and complete your audit, and you can self-manage them via the “My Team” page. Feel free to add a user for each member of your team.

Q: Can I use SMS for my authentication code?
A: At this stage, we don’t support SMS for one-time passwords. We recommend using an authentication app such as 1Password, Authy, Google Authenticator or Microsoft Authenticator on your mobile device as that second factor.

Q: What should I do when I need to change the mobile or device holding my one-time password?
A: If you change devices, you’ll need to ask our support team to reset your Multi-Factor Authentication.  If you reach out to support@pillargrc.com we can get that done for you, and upon your next login, you’ll be asked to re-register your MFA on your new device.

Q: Can I use a password instead of a magic link?
A: At present, we don’t support password-based logins. This is something we’re considering in future based on user demand.

Q: Which authentication app would you recommend?
A: We aren’t able to recommend a single application, but can point to the following tools that are trusted across the industry:

  • 1Password, Bitwarden and Dashlane are all well-regarded password management platforms that can store your passwords and one-time passwords, with end-to-end encryption.
  • Authy, Google Authenticator and Microsoft Authenticator are all well-trusted one-time password applications.

Q: What if I don’t have my phone on me but need to access Pillar?
A: In these cases, unfortunately you won’t be able to access Pillar. This is by design, to make sure that you are using two factors to authenticate and that the sensitive information shared as part of audits stays secure.

Q: What is the difference between 2FA and MFA?
A: Great question! 2FA and MFA are somewhat interchangeable. However, 2FA (two-factor authentication) indicates the use of just a second factor, while MFA (multi-factor authentication) is not limited in the number of factors that could be enforced by the platform or system you’re trying to log into. Pillar is requesting just a second factor for now.

Q: Has Pillar always been secure if you are only implementing MFA now?
A: Yes, absolutely. We had a series of safeties in place to safeguard data and prevent unauthorised access to our systems, but as part of our ongoing and regular reviews, we identified the need to meet industry standards around the use of MFA.