Securing Your Account with MFA

Multi-Factor Authentication (MFA), also known as Two-Factor Authentication (2FA), adds a critical layer of security to your SecureAlias account. It requires you to provide a code from an authenticator app on your phone in addition to your password when logging in.

Setting Up MFA ("Authenticator App" Method)

  1. Install an Authenticator App:If you haven't already, install an authenticator app on your smartphone. Common choices include Google Authenticator, Microsoft Authenticator, Authy, or Aegis Authenticator (Android).
  2. Go to Account Settings: Log in to SecureAlias and navigate to your Account Page.
  3. Start Setup:Find the MFA section and click the "Enable MFA" or "Set Up MFA" button. This will take you to the MFA setup page (`/mfa/setup`).
  4. Scan QR Code or Enter Key:
    • Open your authenticator app and choose the option to add a new account (usually a '+' icon).
    • Scan the QR code displayed on the SecureAlias setup page with your app.
    • Alternatively, you can manually enter the secret key provided on the setup page into your authenticator app.
  5. Save Recovery Codes: The setup page will display a list of recovery codes. Save these codes in a very safe place (e.g., password manager, printed and stored securely). These codes are essential for regaining access if you lose your authenticator device.
  6. Verify Your Device:Enter the 6-digit code currently displayed in your authenticator app for SecureAlias into the "Verification Code" field on the setup page.
  7. Click Verify & Enable MFA: If the code is correct, MFA will be enabled for your account. You will be redirected to your dashboard or account page.

Logging In with MFA

Once MFA is enabled, after entering your password correctly during login, you will be prompted to enter the current 6-digit code from your authenticator app to complete the sign-in process.

Using Recovery Codes

If you lose access to your authenticator app (e.g., phone lost or broken), you can use one of your saved recovery codes instead of the 6-digit app code during the MFA verification step at login. Each recovery code can only be used once. If you use a recovery code, we recommend disabling and re-enabling MFA soon after to generate a new set of codes.

Important: Keep your recovery codes secure! If you lose both your authenticator device and your recovery codes, you may permanently lose access to your account.

Disabling MFA

You can disable MFA from your Account Page. Find the MFA section and click the "Disable MFA" button. You will be required to enter your current password to confirm this action.

Disabling MFA reduces your account security and is generally not recommended unless necessary.

Need more help? Contact support at securealias@alias.secureinseconds.com