The aim of this article is to provide background knowledge of Dispel's MFA offerings.
If you already know what you want to do and are looking for step-by-step how-to guides, please refer to one of the following articles:
Adding your first MFA method
Adding additional MFA
Recovery Codes
Disabling
Troubleshooting
In this article, you will find:
What is MFA?
What is TOTP?
What are hardware tokens?
Why do I have a password challenge when I want to add MFA?
What are recovery codes, and when do I get them?
What is MFA?
Enabling multi-factor authentication (MFA) means requiring an additional form of authentication beyond your password to log into your account.
By signing in with MFA, you verify that you know your password and that you have access to an additional device (either a phone or a hardware token, depending on what kind of MFA you choose).
This additional security measure means that your account cannot be accessed by a malicious actor even if they have your password, since they do not have access to your additional device.
What is TOTP?
Temporary one-time passwords (TOTP) are six-digit tokens generated by your TOTP application.
A TOTP application for your phone (recommended) or computer automatically generates a new authentication code that lasts for a short period of time.
There are plenty of good TOTP apps or password managers that have the needed functionality, such as:
Store your recovery codes in 1Password (Download).
What are hardware tokens?
A hardware token is a physical device that acts as a key to your account, such as a YubiKey. To use it, plug it into a USB port and press the button.
Why do I have a password challenge when I want to add MFA?
Sometimes, when you've been logged in for a while and try to add MFA, we ask you to re-enter your password. This extra step is to ensure that you are still you, as opposed to some random person who found a computer with your Dispel account logged in.
What are recovery codes, and when do I get them?
Recovery codes are one-time use codes that you can enter instead of your chosen MFA method. You receive 10 recovery codes when you enable your first MFA method.
A recovery code can be used when you do not have access to the code generated by your 2FA device, for example because the device is broken, stolen, lost, or was replaced and you forgot to move your 2FA to the new device. For this reason, recovery codes should be stored safely, as they are the only way to sign in to your account if a generated code is no longer available to you.
Each recovery code can only be used once. A new batch of recovery codes can be regenerated from the settings page, although we do not recommend this, because regenerating your recovery codes invalidates all previous recovery codes.