Multifactor Authentication (MFA) also known as Two-factor authentication (2FA) is a security measure that requires two different ways of proving who you are before you can access something. It’s like having two locks on your diary instead of just one.
For example, when you log in to your email account, you might be asked to enter your password and then enter a code that was sent to your phone. This way, even if someone knows your password, they still can’t get into your account without the code from your phone.
What Are the Factors that Make Up MFA/2FA?
The two ways of proving who you are are called “factors.” The first factor is usually something you know, like a password or a PIN. The second factor is usually something you have, like a phone or a smartwatch.
What are the Benefits of 2FA?
By requiring two factors, 2FA makes it much harder for someone to steal your information or pretend to be you online. It’s an important way to stay safe in today’s digital world.
Frequently Asked Questions
Q: Is there a cost associated with enabling MFA?
A: No, enabling MFA is a free security measure provided in the system to enhance the security of your account.
Q: What methods can I use for MFA?
A: You can choose from SMS/Text, Authenticator App, Auth0 Guardian Push Notification.
Q: How can I set up MFA?
A: We've created a step-by-step guide to help you set up MFA here!
Q: Can I use multiple MFA methods?
A: You can only setup a primary MFA method. If you cannot access your primary method, you can use the recovery code received during multifactor setup.
Q: Can I set up MFA on multiple devices?
A: Yes, if you're using an authenticator app, you must download the authenticator app on each device and ensure it is configured appropriately.
Q: Do you recommend a specific authenticator app for MFA?
A: The system supports any authenticator app that registers through QR code, including those provided by Google, Microsoft, and Twilio. You can choose the one you prefer or find most convenient.
Q: Can I use a hardware token for MFA?
A: While the system primarily supports MFA through methods (SMS and authenticator apps), we are working on supporting more options like hardware tokens.
Q: Can the same phone number or device be used for MFA for multiple accounts?
A: Yes, the same phone number or device can be used for MFA for multiple accounts.
Q: I don't have a smartphone. Can I still use MFA?
A: Yes, if you don't have a smartphone, you can still use MFA through SMS codes sent to your regular mobile phone. A desktop computer or browser base extension such as Authy by Twilio can also be used.
Q: Can I use a landline for MFA?
A: Unfortunately, landlines cannot receive SMS codes or push notifications, which are primary methods for MFA. We recommend using a mobile device or an authenticator app for MFA.
Q: Can I choose when to require MFA for my account?
A: Yes, unless your administrator requires it for all users on your organization.
Q: Can I disable MFA once it's been set up?
A: Yes, as long as it is not required by your organization.
Q: I am an administrator. Can I set up MFA for my team members?
A: As an administrator, you cannot set up MFA for individual team members due to privacy and security reasons. However, you can guide your team through the process and encourage them to set it up on their respective devices.
Q: What should I do if I have trouble setting up MFA?
A: If you have any issues, please contact our support team at support@consensus.com. We're here to help.
Q: How does MFA affect the login process?
A: With MFA enabled, after entering your username and password, you'll be prompted to provide an additional authentication factor such as a code sent to your mobile device or generated by an authenticator app.
Q: Will enabling MFA affect the performance or speed of my services?
A: No, enabling MFA will not affect the performance or speed of your services. It will, however, add an additional step during login for added security.
Q: How often will I need to use MFA?
A: MFA is typically required once per login session, or every 30 days if you check the 'Remember me' option during MFA verification. Some corporate policies remove the browser cache each session, which will require the MFA to be entered more often.
Q: What happens if I receive an MFA prompt while I'm in the middle of work?
A: MFA prompts typically appear when you first log in to your account. If you're receiving prompts while you're in the middle of work, it could be a sign of a security issue. Please report this to our support team at support@consensus.com.
Q: What should I do if I receive an MFA prompt or code without trying to log in?
A: If you receive an MFA prompt without trying to log in, it could be a sign of a security breach. Do not approve the request or share the code with anyone. If you believe that your account may have been breached, please use the “change password” immediately for your user profile. If you cannot access your account, please contact our support team immediately at support@consensus.com.
Q: Will my account get locked if I input the wrong MFA code multiple times?
A: After several unsuccessful attempts, your account might be temporarily locked as a safety measure.
Q: Can I still access my account if I forget my MFA credentials?
A: If you're unable to provide your MFA credentials, or if you cannot access your primary method, you can use the recovery code received during multifactor setup. Additionally, your administrator can reset your MFA option.
Q: Do I need to enable MFA each time I change my device?
A: Yes, if you have changed the device used for MFA, please have your administrator reset your MFA option.
Q: What if I lose my device that I use for MFA?
A: If you lose your device, you can use the recovery code provided at MFA signup to access your account. If you need to have your MFA reset, your administrator can reset your MFA option.
Q: Will my account remain secure if my registered mobile number for MFA is changed or recycled?
A: If you have changed the mobile number used for MFA, please have your administrator reset your MFA option.