Enrolling in Multifactor Authentication (MFA)
M-RETS is improving our security for Users and Organizations by implementing Multi-Factor Authentication (MFA). This feature will be available to all users. Multi-factor authentication (MFA) works by combining “something you know” (i.e., your credentials) with “something you have” (i.e., a time-based one-time password retrieved via a trusted mobile device) to gain access to a system.
MFA will be an opt-in process for Organizations for the time being. Our implementation will support receiving the MFA key via SMS, authenticator app, email, or phone call. Our goal is to make it as flexible as possible. If you have any concerns or thoughts you would like to share as we complete this work, please contact firstname.lastname@example.org.
Multi-factor authentication has rapidly become a security best practice, and we want to encourage all organizations and users to consider opting into its use in the M-RETS. MFA protects against the risks associated with compromised passwords by adding a layer of security to system authentication. The reality is that employees do fall for phishing scams, and they do share passwords. If you’re not using multi-factor authentication (MFA), your organization is wide open to attacks. A vast, if not one of the biggest, security threat today is the risk of compromised credentials.
How to Turn On Multifactor Authentication (MFA)
- Once logged in, click on your name in the upper corner. Then, click ‘Profile’.
- You will notice the new MFA field under your profile. Click on ‘Edit’. Then, click on ‘Update 2FA Settings’
- Now, you will choose an MFA setting. They are as follows:
- Disabled. Do not require a verification code.
- Every login. Always ask for verification code.
- Once per computer. Trust computers and only ask for verification code every 30 days.
- Enter your phone number and click save. If you have previously installed the Authy app on your phone, you will see M-RETS automatically added you your account.
- Scroll to the bottom of your User Profile and click ‘Save’. You will be automatically logged out and will be asked for a code on your next login.