To better protect your club's sensitive data, Xplor Gym is introducing two-factor authentication (2FA) on the back office. Every fortnight, you will need to enter your usual password, followed by a unique code received by SMS or email. This code guarantees that you are indeed the account holder, reinforcing security and blocking any unauthorised access, even if the password has been compromised.
This article answers any questions you may have about this new safety measure.
Essential check before activation
Before activating two-factor authentication, make sure that each back office user has at least a valid email address on their user file. It is also strongly recommended to enter a telephone number.
Without this information, users will not be able to receive their connection code and may be blocked from accessing the site.
Two-factor authentication (2FA) has been introduced to strengthen the security of access to the Xplor Gym back office. Today, the data managed in the software (members' personal information, means of payment, invoicing data, etc.) is sensitive. It is therefore essential to protect it effectively.
By adding a validation step by SMS or email, even if a password is stolen or guessed, unauthorised access is blocked.
This measure is part of an overall approach to securing digital tools and complying with best practice in data protection.
Before activating two-factor authentication, make sure that each user in your back office has at least a valid email address, and ideally also a telephone number in their profile.
One of these two methods (SMS or email) will be used to send the verification code when you log in. Ideally, it is recommended that you fill in both, to ensure flexibility and continuity of access should the need arise.
A quick check today = a smooth transition tomorrow!
Two-factor authentication (2FA) will become compulsory for all users of the Xplor Gym back office.
A gradual roll-out phase is planned for the summer of 2025, starting with volunteer clubs to test and support the activation of the system.
Before the end of July 2025, 2FA will be activated for all clubs using Xplor Gym, without exception.
Two-factor authentication will be activated for all clubs before the end of July 2025.
The roll-out will be gradual and communications will be sent out in advance.
All back office users are affected by the introduction of two-factor authentication. This includes administrator profiles, managers, coaches or any other person with access to the Xplor Gym back office.
This measure does not affect your clients: they will not be impacted in the member area or on the application.
You won't have to do a thing. Two-factor authentication will be automatically activated for all users.
A notice will be sent to you in advance so that you can prepare yourself calmly.
Don't worry: if a user doesn't have a telephone number, they can receive the verification code by email.
It is therefore essential to ensure that the email address given in the user file is correct and accessible.
No. Once you have entered the code, it will remain in memory for 15 days on the device you are using. You will simply have to re-enter it once this period has elapsed, or if you reconnect from another device or browser.
In this case, each user will receive a check when they log on for the first time:
- The first person enters their code, which remains active for 15 days.
- When changing user, the second person will also have to enter their own code.
Validation is linked to the user and the computer. Each employee will therefore have to validate his or her identity, even if the computer is shared. And when a user defines the computer as a "trusted device", they no longer have to validate their authentication for 15 days.
Best practice if sharing a computer:
- Never save the password in the browser. Avoid clicking on "Save password" in Chrome, Firefox or Safari. This would allow the other person to log in for you without your authorisation.
- Always log out after use. Remember to log out manually at the end of each session to prevent unauthorised access.
A check request is launched in the following cases:
- If you are connecting from a new device or browser,
- If you change users on a shared device and one or other has not validated their connection for more than 15 days.
Once the check has been carried out, it remains valid for 15 days for each user, on each device used.
- Check contact details: make sure that the user's email address and mobile phone number are correct and up to date.
- Resend the code: click on the "I have not received the code" or "Start the procedure again" button to have a new code sent.
- Contact Support: if the problem persists, please contact our support team for assistance.
Good to know:
To avoid this type of blockage, inform your users that it is essential not to unsubscribe from emails and text messages sent by Xplor Gym, particularly those containing login codes.
Your management exports may contain client data that could be misused for fraudulent purposes. A set of around twenty exports is now protected by two-factor authentication. They are listed in the following article.