How Does Two-Factor Authentication (2FA) Work?

Logging in with Two-Factor Authentication (2FA)

Once 2FA is activated, you’ll need to generate a new code using your authenticator app every time you log in to your SabeeApp account.

Here’s how the login process works:

Go to the Login Page: https://chm.sabeeapp.com/login.
Enter Your Credentials: Input your email address and password, click on Sign In
Open the Authenticator App: On your smart device (e.g., phone, tablet, iPad, or Apple Watch), open the authenticator app and select SabeeApp (if you have multiple accounts linked).

4. Enter the Code: Copy the 6-digit code from the authenticator app into the login page on SabeeApp.

5. Options After 2FA:

Don’t ask for 2 weeks: Skip 2FA for two weeks, but you’ll still need your email and password to log in.
Ask code every time: Enter the 2FA code every time you log in.

6. Select Your Account in SabeeApp: If you have access to multiple SabeeApp accounts (sibling accounts) with the same login credentials, you’ll be prompted to select which account to log into after clicking Verify.

7. Select the correct Authenticator: If you have multiple SabeeApp accounts with different login credentials, ensure you set up each account separately in your authenticator app. Always use the correct account in the authenticator app to generate the code for logging in.

Options to Stay Logged In for 2 Weeks

There are two layers to asking the SabeeApp system to keep you logged in for 2 weeks.

1. Keep Me Logged In (2 Weeks)

When entering your email and password, select the Keep Me Logged In (2 weeks) checkbox.

How It Works:
- A unique code tied to your device and browser is saved in a cookie.
- Simply close the SabeeApp window without logging out to maintain the login.
- Logging out clears the code, requiring a fresh login next time.
Important:

This option only works on the specific device and browser where saving cookies was enabled.

2. Don't ask for 2 weeks:

As a next step it will take you to the page where you can enter your 6 digit code from the authenticator app. After entering your 6-digit code from the authenticator app, you can select Don’t ask for 2 weeks to skip 2FA code entry for the next two weeks.

How It Works:

Don’t ask for 2 weeks: Skip 2FA for two weeks, but you’ll still need your email and password to log in. To log in automatically and go straight to the SabeeApp dashboard without entering any credentials, make sure to select "Keep me logged in (2 weeks)" during the previous step.
Ask code every time: Enter the 2FA code every time you log in.

Important Notes

Combining Options:
- Keep Me Logged In (2 weeks) and Don’t Ask for 2 Weeks,
  If you select both options, you won’t need to enter your password or code for 2 weeks, as long as you don’t log out. However, if you log out within this 2-week period (instead of simply closing the SabeeApp window), you’ll need to enter your password the next time you log in, but not the 2FA code.

- Keep Me Logged In (2 weeks) and Ask for Code Every Time
  If you select "Keep Me Logged In (2 weeks)" and "Ask for Code Every Time," you won’t need to enter your password or code for the next 2 weeks, as long as you don’t log out.
  
  However, if you log out within this 2-week period (instead of simply closing the SabeeApp window), you’ll need to enter your password and code the next time you log in.

- Only select Don’t Ask for 2 Weeks (which is referring to the 2FA code only) you’ll need your email and password but not the 2FA code.

Scenarios That Prevent / End the 'Keep Me Logged In' Feature

Manual Logout Across All Devices
- Logging out manually affects all devices and browsers associated with the user's account.
- Since cookies are browser-specific, the term "user device" refers to all browsers (e.g., Chrome, Safari, Firefox, Edge, Opera, Brave) on every device the user has used to access SabeeApp (e.g., PC, laptop, tablet, smartphone).
- For example, if a user logs into SabeeApp on both their phone and work laptop, logging out from the laptop will also log them out of their phone—even if they selected “Keep me logged in” on the phone.
Programmatic or Manual Session Termination by SabeeApp
- User sessions can be terminated on our end for the following reasons:
  1. Deploying Updates: When updates affecting user sessions are rolled out, all users are logged out to ensure changes take effect.
  2. Administrative Actions: Admins may manually log users out if their activity poses performance or security risks, such as:
    - Misusing bulk functions
    - Accounts suspected to be compromised
    - Encountering system bugs
- In these cases, all active sessions end, logging users out of all devices, regardless of the "Keep me signed in" setting.
Manual Cookie Deletion
- If a user manually deletes all cookies—or only those created by SabeeApp—from their browser, the "Keep me logged in" function is disabled.
Automatic Cookie Deletion by the Browser
- Browsers configured to automatically delete cookies (or SabeeApp-specific cookies) after closing a tab or window will prevent the "Keep me logged in" function from working.
Incognito/Private Browsing Mode
- Using SabeeApp in private browsing mode blocks cookies and other browsing data.
- Once the session ends (e.g., closing the tab or window), the "Keep me logged in" function is invalidated.
Strict Browser Privacy Settings
- Browsers set to block all cookies prevent the "Keep me logged in" function from working.
- Users can whitelist SabeeApp to enable cookies and retain the function, but unless this is done, the feature won’t operate as intended.

Special Cases:

Using a New Device: If you’re logging in from a new device, a separate device code won’t be requested since 2FA already protects your account.
During Password Changes: When changing your password from the login page, you’ll also need to provide your 2FA code.

Potential 2FA Login and Code Issues: Solutions