Secureframe now requires Multi-Factor Authentication (MFA) for all users with super admin, admin, and auditor roles. MFA adds an extra layer of protection by requiring users to verify their identity with a secondary method.

Setting Up MFA

During account setup, whether creating a password or logging in for the first time with Magic Link, you will be prompted to enable MFA.

To set up MFA:

1. Scan the provided QR code or manually enter the setup key into an authentication app (e.g., Google Authenticator or Authy).

2. Enter the one-time passcode (TOTP) generated by the app to complete the setup.
3. Save the displayed backup codes in case access to the authentication app is lost in the future.

Once MFA is enabled, you will need to enter a TOTP code each time you log in, regardless of whether you use Magic Link or a password.

Note: Secureframe does not require MFA for Social Login, as authentication is handled by the provider.

Lost Access to Your MFA Device?

If you lose access to your MFA device, you can use one of the following recovery methods:

• Backup codes: Provided during MFA setup (store them securely!).
• Secureframe Support: If backup codes are unavailable, contact Secureframe Support for identity verification and assistance in regaining access.

Frequently Asked Questions (FAQ)

Can I use SMS for MFA instead of an authenticator app?

• No, Secureframe only supports Time-Based One-Time Passwords (TOTP) through an authenticator app.

Is MFA required every time I log in?

• Yes, MFA is required at every login attempt via Magic Link or direct login with email and password.