Multi-Factor Authentication (MFA) in WAX
Multi-Factor Authentication (MFA) adds an extra layer of security to your WAX account by requiring a verification code in addition to your password. Even if your credentials are compromised, only verified users can access their account using a one-time code sent to their WhatsApp number or email.
When is MFA required?
If MFA is enabled for your organization, all members must follow these rules when signing in.
You’ll be asked to complete MFA when:
You haven’t logged in for more than 10 days.
You log in from a new device.
You use a private or incognito browser.
How MFA works
Enter your phone number (optional)
If your organization uses MFA and we don’t have your phone number yet, you’ll be asked to provide it before receiving a code.Receive a verification code
WAX sends you a one-time code by WhatsApp.The code is valid for 5 minutes.
You can request a new code after 30 seconds.
If you receive multiple codes, any still-valid code can be used within the 5-minute window.
Enter the code
If the code is valid, you’re automatically logged in.
If the code is invalid or expired, you can try again.
Use email instead (optional)
You can also choose “Receive the code by email” to authenticate via email instead of WhastApp.
Managing MFA for your organization
To activate the MFA for your organization, ask your CSM first.
Once it's activated, admins can manage MFA in Settings > Organization Settings > MFA.
When MFA is enabled, all members must authenticate using MFA.
When MFA is disabled, members can log in without the extra verification step.