Multi-Factor Authentication, or MFA, is a security protocol for verifying a user's identity through the use of multiple credentials while logging in to Divvy.
For example, a user enters their username and password for a web login to Divvy (#1 credential), then receives a text message on their phone with a unique code to enter in their browser (#2 credential).
Overall, MFA enhances security beyond just a username and password. Usernames and passwords can be stolen or compromised through a variety of methods (phishing, system breaches, insecure password practices, credential stuffing, etc.). MFA safeguards your company's information and users by adding a layer of protection so that even if credentials are compromised, a malicious actor still cannot log in and wreak havoc on your company in Divvy.
- If users are logging in from untrusted or unrecognized browsers (such as a new device or incognito window), they will be prompted to use MFA every time they log in.
- If users are using trusted browsers, they will be prompted once every 30 days—the maximum time for the setting to persist. However, a user may need MFA again if they are inactive for more than 7 days.
- Currently, SMS/Text is the only MFA setup option available.
- Normal text messaging rates apply when using SMS/Text as the MFA option on your user account.
- If MFA needs to be reset, users can update it with their recovery code, or admins can reset MFA for users from the “People” page.