On the Security settings page under Settings > Administration > Security settings, you can set up different options to make sure your site is well protected.Here, you can set up 2-step verification to keep your data safe, even if your password somehow mistakenly ends up in the wrong hands. Just switch on the setting Use 2-step verification.
If 2-step verification is active on your site, each user has to verify their account via mobile phone. When logging in, the user enters their username and password, Scoro sends a text with a unique string of numbers to their mobile phone, they type in the code. In addition, each user can add multiple devices to their trusted devices’ list, so Scoro knows it’s them logging in. That way the user doesn't have to sign in via 2-step verification each time. Read how to set up 2-step verification.
To keep your site and user accounts safe, it's recommended to set up an expiry period for user passwords. Just pick the time period from the User password is valid dropdown list. When the validation period is over, the user is asked to change their account password.
Enable session expiration settings for users, so each user can decide the maximum time period for how long they're logged in to their site when inactive. Each user can set up their session duration under Settings > My settings > My security settings. If needed, you can use IP restriction and specify (whitelist) one or more IP addresses from which the users are able to access your site.