WIXLIB

Secure File TransferUser GuideTwo-step verification - External Users2/4/2022

Secure File TransferT wo Step Verification – External UsersTABLE OF CONTENTSPurpose . 2System Location. 2Background. 2Supported Authentication Apps. 2Passcode Duration . 2Recommendations . 2General . 2Authentication Apps . 2Rollout . 3Help . 3External Links. 3Procedures. 3Enable two-step verification at Abond SFT sign-in . 4Email option . 4Authentication app option . 4Authy . 5DUO Mobile . 6Google Authenticator. 7Microsoft Authenticator. 8Keeper Security . 9Enable 2 step verification from Abond SFT account profile. 11Accessing your Abond SFT account profile page. 11Email option . 11Authentication app option . 11Authy . 12DUO Mobile . 13Google Authenticator. 14Microsoft Authenticator. 15Keeper Security . 16 2022 Abond CRO Inc. Proprietary and ConfidentialPage 1 of 16

Secure File TransferT wo Step Verification – External UsersPurposeThis document explains the process of enabling two-step verification (also known as two-factorauthentication) on your Abond CRO Secure File Transfer (SFT) website account.System LocationAbond CRO Secure File Transfer website URL: d CRO highly values the security of the confidential information that we hold. The SecureFile Transfer (SFT) website is being updated to use two-step verification to improve the security of thesystem which is being used to exchange confidential documents with our partners.Two-step verification on the Abond CRO SFT website is an added authentication step to becompleted after entering your Abond SFT website username and password. Specifically, you will needto enter a passcode retrieved from either your registered email address or your registered authenticatorapp, per your preference. Abond SFT website login passcodes support email or an authenticator app.Supported Authentication AppsAny authentication app that supports time-based one-time passwords (TOTP) should work. Thefollowing apps have been validated and are covered here: Google Authenticator, DUO Mobile,Microsoft Authenticator, and Authy. Password vault software (e.g., Keeper Security, LastPass,1Password, ) often include support for TOTP, as well. Keeper Security has been validated and iscovered here.Passcode DurationAbond SFT website passcodes generated by an authentication app are valid for 30 seconds.Passcodes delivered via email are valid for 10 minutes. When the passcode is close to expiring, it isrecommended to wait for (or request) another passcode. The system will not accept an expiredpasscode.RecommendationsGeneral If you are unfamiliar with authentication apps, the email option is recommended.o It is the easiest option to enable and assuming you always have easy access to youremail, it is also easy to use.o The instructions for enabling the email option during sign-in are here. Instructions forenabling the email option after sign-in are here.If you are going to use an authentication app, it is slightly simpler to enable two-stepverification from the SFT account settings page than it is during the sign-in process.Authentication Apps Authentication apps are typically free and are available from the Apple App Store or GooglePlay store. Password vaults such as Keeper Security, Last Pass, 1Password, are nottypically free.If you are new to authentication apps, Authy or DUO Mobile are the Abond CROrecommended options.If you are already using an authentication app, it is recommended to add your Abond SFTsign-in passcode to that app rather than using a new authentication app.It is strongly recommended to name each account in your authentication app so that youknow which website/system is associated with each account. Account passcodes cannot beused interchangeably. 2022 Abond CRO Inc. Proprietary and ConfidentialPage 2 of 16

Secure File TransferT wo Step Verification – External UsersRolloutTwo-step verification will be rolled out on the Abond SFT website in two stages. Notificationemails will be sent to prior to the start of each phase.Phase 1 (begins 28FEB2022)Two-step verification will be optional.Upon your first Abond SFT sign-in occurring during phase 1, you will be offered the option toenable two-step verification on your account. You will be able to postpone it if you wish. If you postponeit during your first Phase 1 sign-in, you will be able to turn on two-step verification from your accountsettings page later.Phase 2 (begins 28MAR2022)Two-step verification will be required.If you enabled two-step verification during phase 1, phase 2 will not affect you. If you have notenabled it during phase 1, you will have to enable two-step verification during your first sign-in followingthe start of Phase 2. Once Phase 2 has started, it will not be possible to sign in to the Abond SFTwebsite without using two-step verification.HelpIf you need help, please send an email to HelpDesk@AbondCRO.com.External LinksThe following links are included for added background information/reference. 2-factor authentication (Wikipedia)AuthyDUO MobileGoogle Authenticator (3rd party guide)Microsoft AuthenticatorKeeper SecurityProceduresThe following pages describe, in detail, the process of enabling two-step verification on yourAbond SFT account using the following two-step verification options: email, Authy, DUO Mobile, GoogleAuthenticator, Microsoft Authenticator, and Keeper Security following the start of Phase 1.The procedures are organized firstly by whether you are enabling two step verification duringyour first sign-in or later from your Abond SFT account settings page then, within each of thosesections, the specific authentication options are covered. 2022 Abond CRO Inc. Proprietary and ConfidentialPage 3 of 16

Secure File TransferT wo Step Verification – External UsersEnable two-step verification at Abond SFT sign-inEmail option During your first Abond SFT login only, after entering your username and password, the systemwill present the following prompt. Select the email option and click ‘Continue’.The system will email a passcode to your Abond email address. Retrieve it, enter it into theprompt on the SFT website, and click ‘Continue’ to complete the login. From now on each time, you sign in to the Abond SFT website it will email the requiredpasscode to your registered email address.Authentication app optionThe process of adding the Abond SFT website to your authenticator app will vary based on the appbeing used. Several major authenticator apps are covered below as is the Keeper Security passwordvault software. 2022 Abond CRO Inc. Proprietary and ConfidentialPage 4 of 16

Secure File TransferT wo Step Verification – External UsersAuthy During your first Abond SFT login only, after entering your username and password, the systemwill present the following prompt. Select the authentication app option and click ‘Continue’.Open the Authy app on your device (e.g., smartphone/tablet). Click ‘Add Account’ to add a new account.Click ‘Scan QR Code’ and point the device’s camera at the QR code displayed on the SFTwebsite. Authy must be allowed to use the camera.Adjust the name of the new Authy account and/or logo, as needed and click ‘Save’. Click ‘Continue’ on the SFT website. Enter the Authy generated passcode on the SFT website prompt and click ‘Continue’ on theSFT website to complete the login.From now on each time, you sign in to the Abond SFT website you will need to supply thecurrent passcode from your Authy app. 2022 Abond CRO Inc. Proprietary and ConfidentialPage 5 of 16

Secure File TransferT wo Step Verification – External UsersDUO Mobile During your first Abond SFT login only, after entering your username and password, the systemwill present the following prompt. Select the authentication app option and click ‘Continue’.Open the DUO Mobile app on your device (e.g., smartphone/tablet).orClick Continue or ‘ADD ACCOUNT’ to add your first DUO Mobile account. The DUO interfacewas recently redesigned. Both the old and new design are shown above. If you were already aDUO Mobile user, click ‘ ’ at the top of the app to add a new account.Point the device’s camera at the QR code displayed on the SFT website. DUO Mobile will addthe account and generate a passcode automatically, click “Use a QR Code”, if necessary. DUOMobile must be allowed to use the camera. Click ‘Continue’ on the SFT website.Enter the DUO Mobile generated passcode in the SFT website prompt and click ‘Continue’ tocomplete the login. From now on each time, you sign in to the Abond SFT website you will need to supply thecurrent passcode from your DUO Mobile app. 2022 Abond CRO Inc. Proprietary and ConfidentialPage 6 of 16

Secure File TransferT wo Step Verification – External UsersGoogle Authenticator During your first Abond SFT login only, after entering your username and password, the systemwill present the following prompt. Select the authentication app option and click ‘Continue’.Open the Google Authenticator app on your device (e.g., smartphone/tablet). Click ‘ ’ at the bottom of the app to add a new account.Select ‘Scan a QR code’.Point the device’s camera at the QR code displayed on the SFT website. Google Authenticatormust be allowed to use the camera. Click ‘Continue’ on the SFT website. Enter the Google Authenticator generated passcode on the Abond SFT website prompt andclick ‘Continue’ on the SFT website to complete the login.From now on each time, you sign in to the Abond SFT website you will need to supply thecurrent passcode from your Google Authenticator app. 2022 Abond CRO Inc. Proprietary and ConfidentialPage 7 of 16

Secure File TransferT wo Step Verification – External UsersMicrosoft Authenticator During your first Abond SFT login only, after entering your username and password, the systemwill present the following prompt. Select the authentication app option and click ‘Continue’.Open the Microsoft Authenticator app on your device (e.g., smartphone/tablet). Click ‘ ’ at the top of the app to add a new account.Select ‘Other’.Point the device’s camera at the QR code displayed on the SFT website. MicrosoftAuthenticator must be allowed to use the camera. Click ‘Continue’ on the SFT website. Enter the Microsoft Authenticator generated passcode on the SFT website prompt and click‘Continue’ on the SFT website to complete the login.From now on each time, you sign in to the Abond SFT website you will need to supply thecurrent passcode from your Microsoft Authenticator app. 2022 Abond CRO Inc. Proprietary and ConfidentialPage 8 of 16

Secure File TransferT wo Step Verification – External UsersKeeper SecurityThis process assumes you already have a Keeper Security record for your SFT login (not coveredhere). During your first Abond SFT login only, after entering your username and password, the systemwill present the following prompt. Select the authentication app option and click ‘Continue’. Take a screen capture of the QR code displayed on the Abond SFT website (the entire QR codeonly) and save it to your computer as a .JPG or .PNG file.Edit the Abond SFT record in your Keeper Vault. Click ‘Add Two-Factor Code’.Click ‘Upload’.Select the capture file and click ‘Open’.Keeper will add a ‘Two-Factor Code’ to your Keeper record. 2022 Abond CRO Inc. Proprietary and ConfidentialPage 9 of 16

Secure File TransferT wo Step Verification – External Users Click ‘Save’ to save the change to your Keeper record. Click the ‘eye’ to reveal the Keeper generated passcode.Click ‘Continue’ on the Abond SFT website.Enter the passcode from Keeper Security into the prompt on the Abond SFT website and click‘Continue’ to complete the login. From now on, each time you sign in to the Abond SFT website you will need to supply thecurrent passcode from your Microsoft Authenticator app. 2022 Abond CRO Inc. Proprietary and ConfidentialPage 10 of 16