Multi-Factor Authentication, or MFA, is an authentication process which requires the user to present two pieces of evidence to prove their identity. For Certify, the user will need to provide something they know (their password) and something they have (a temporary security code) to successfully authenticate.
MFA will replace security questions as an identity verification measure. Instead of asking a security question, Certify will email or text a unique temporary code to the user during the authentication process. The user will be required to enter the code before Certify grants access to the account. MFA will only be required when Certify detects that the user is logging in from an unrecognized device.
As an Administrator, what can I do to prepare my users for the switch?
Because Certify will be sending a temporary code to users via text message or email, the best way to prepare is to ensure:
- All users have added their mobile number to their profile
- All users have access to the email address they use to log in
- The email address used to log in is a valid address which can receive emails
Will users need to enter a security code during each login attempt?
No. Similar to security questions, Certify will only require MFA when a login attempt does not match previous login activity. Examples of this include: Logging in from a different web browser, IP address, or device. Occasionally, MFA may be triggered when a web browser updates, such as a new version of Google Chrome or Mozilla Firefox.
How frequently will users be asked for additional authentication?
Users can expect to be asked for additional authentication at the same frequency in which Certify currently asks a user to answer a security question. The logic behind when Certify asks for additional authentication is not changing, only the method in which we confirm identity is changing.
Can we require MFA for each login attempt?
Not at this time, but we’d love to hear your feedback! Be sure to submit an idea to our Product Team.
Can our company disable MFA?
MFA will be enabled and required for all users by default. While Certify does not recommend this, administrators may disable the requirement at the company level to allow individual users to opt out of MFA. Users who opt out of MFA will only need to provide their Certify username and password to authenticate. No additional authentication measures will take place.
Can our company continue to use security questions instead of MFA?
No. It is generally accepted that providing a one-time code is more secure than security questions. Our goal is to keep your account as secure as possible while keeping things as easy as possible for your end users.
My company uses SSO. Will I be impacted?
No. Clients using Single Sign On (SSO) will not see a change in their authentication process.
Will I be required to provide additional authentication when switching to a delegate account?
No. Users will only need to provide additional authentication when logging in to Certify. Once the user is logged in, they will not need to authenticate to switch accounts.