What is 2FA and how does it work?
Two-factor authentication (2FA) is a security system that requires more than one method of authentication to verify a user's identity. 2FA requires users to provide two or more verification methods to gain access to a system.
Why is 2FA being implemented in Realworks?
2FA is being implemented to enhance security and protect user data from unauthorised access. It significantly reduces the risk of cyber attacks and ensures relevant persons are keeping compliant with the new data protection requirements under the Residential Tenancies and Rooming Accommodation Act 2008 (Qld) which commenced on 1 May 2025.
What should users with shared email accounts do?
Users with shared email accounts should transition to individual email accounts. Only a Principal User can create and edit users in Realworks. Users should ask their Principal User to set up access relevant for their use of the platform. Each user will need their own unique authentication method to comply with 2FA requirements.
How will 2FA affect my login process?
After entering your password, you will be prompted to provide a second form of verification, such as a code sent to an authentication app.
How do I set up 2FA?
Follow the instructions in the Realworks Help Guide for setting up 2FA.
How do I get the Microsoft Authenticator application?
See the Microsoft support page here.
How do I add an account to Microsoft Authenticator?
See the Microsoft support page here.
How to get Microsoft Authenticator on new phone without old phone?
See the Microsoft support page here.
Where can I get support when using the Microsoft Authenticator app?
You can visit the Community Support Page here.
You can also contact Microsoft Support here.
What will happen if I don’t set up an individual user log in?
Your access to Realworks may be restricted if you do not have an individual log in and unique 2FA set up. Please note, it is an existing system requirement for all users to have an individual log in, in accordance with the Realworks Terms of Use.
Will this affect my DocuSign subscription?
If you have purchased a DocuSign subscription associated with a shared Realworks user and subsequently need to create a new user in Realworks, the DocuSign subscription will remain with the original user. The terms of purchase of the limited DocuSign subscription purchased via Realworks state that the subscription is non-transferable and non-refundable.
If you require DocuSign for both users, we recommend purchasing a separate DocuSign subscription for the new Realworks user to ensure all parties can send and execute documents electronically.
Do I need to be a Principal User to create a new log in?
Only Principal Users can set up separate user accounts within the system. Otherwise, the Principal User can make a request with the Realworks support team to assist with this if needed. Users cannot make changes on the customer’s subscription, nor can they instruct the Realworks support team to make any necessary changes.
If a Principal User is not contactable, then your use of Realworks may be limited until the Principal User can be contacted. REIQ recommends more than 1 person is given Principal User access to ensure critical account management can occur if one of the Principal Users are away. Principal Users can edit the users on their subscription. See our help guide for editing users.
Will I be automatically locked out if I use a shared log in?
No. Users will be given three opportunities to set up 2FA when they sign in. This may give you some extra time to set up 2FA.
Receiving 'Invalid OTP' error message?
We're receiving feedback from some subscribers who have already enabled 2FA that, when they are prompted to enter their two-factor authentication code on logging into Realworks, they are receiving an 'Invalid OTP' message.
This could be occurring because your smartphone and computer/laptop are not synced to the same time zone.
Download our troubleshooting tips below to rectify this issue.
Still have access to the authenticator app on your old device?
If you still have access to your old phone that holds the 2FA app and code generator, please obtain the code, login to your Realworks account and follow the below steps.
De-activate 2FA on old phone
- Click your name on the bottom left-hand side of the screen.
- Select the User button.
- Scroll to the bottom of the screen and select ‘Disable 2FA’.
- Enter the OTP Code provided in your Authenticator app on your old device and click Submit.
- The 2FA should now be de-activated on your account. Please download the 2FA app to activate it on your new phone.
Re-activate 2FA on new phone
- Select 'Enable 2FA'.
- Open your Microsoft Authenticator App or Google Authenticator App, and scan the QR Code presented from Realworks, through the authenticator app.
- Enter the 6-digit code generated from the authenticator app, into real works & click 'verify'.
- 2FA will now be re-enabled
Unable to locate 2FA code?
If you are unable to locate the two-factor authenticator code on your mobile device from the Microsoft or Google Authenticator app, please ensure to check any other authenticator apps that you have downloaded on your phone or computer as the code may have saved there instead.
If you’re unable to find the code there, but 2FA has been enabled, this may have saved in your device’s built-in password manager app.
For iPhone users
ICloud Keychain: This is a built-in password, passkey and other credentials app. This app's logo has a white background with three multicoloured keys within it.
Where to check: Settings > Passwords (you might need to use Face ID or your passcode to access it). Here, you'll find saved passwords and potentially some 2FA codes for websites and apps that use Apple’s autofill feature for login and 2FA.
For Samsung (Android) users Samsung Pass: Samsung Pass is Samsung’s built-in password manager, and it might store not just passwords but also 2FA information for Samsung accounts and other services. If the user has used Samsung Pass to store their login credentials, there’s a chance the app might also save 2FA backup codes or other authentication-related info. Where to check: Settings > Biometrics and security > Samsung Pass > Log in to see if 2FA codes are stored with the credentials. *Please Note: 2FA codes for Realworks do not get sent as text messages or emails*