What is MFA and Why is it Required?
Multi-Factor Authentication, or MFA, is a security protocol for verifying a person’s identity through the use of multiple credentials while logging in to Divvy.
For example, a person inputs their username and password for a web login to Divvy (#1 credential), then receives a text message on their phone to input a unique code in their browser (#2 credential).
Overall, MFA enhances security beyond just a username and password. Usernames and passwords can be stolen or compromised through a variety of methods (phishing, system breaches, insecure password practices, credential stuffing, etc). MFA safeguards your company's information and employees by adding an additional layer of protection so that even if credentials are compromised, a malicious actor still cannot log in and wreak havoc on your company in Divvy.
Currently, all people are required to set up MFA in order to access their account.
1. Do I have to MFA every time I log into Divvy?
A: No. If you set the Remember this Browser setting when logging in, you will only have to MFA once every 30 days (the maximum time for the setting to persist).
If you are using incognito mode, new devices, or blocking cookies, you will be prompted to MFA more often.
2. What MFA options does Divvy currently support?
A: Normal text messaging rates apply when using SMS/Text as the MFA option on your account.
3. I don’t have a phone or the ability to receive SMS/Text messages for MFA. What can I do to continue logging into Divvy?
A: Please contact Divvy Support for assistance
4. I lost my phone or got a new mobile device. How can I access my Divvy account?
A: Admins in your company can reset MFA for people from the “People” page and our Divvy Support team can also assist you with this. If you contact Divvy Support, please be prepared to answer some questions to confirm your identity.
5. I am getting an error message: “seems that your phone number is not valid”. What does this mean?
A: Make sure you are inputting a 10-digit phone number (for US numbers) and not including a “1” in front of your phone number
Also, make sure you are not including an hyphens (“-”) or dashes (“/”) in your phone number