Setting Up Multi‑Factor Authentication (MFA)

  • Updated

Who is this article for?
This article explains Multi-Factor Authentication (MFA) and provides instructions for setting up and using Email and Phone (SMS) verification methods to enhance your account security.

What is MFA? Why is it important?

Multi-Factor Authentication (MFA) is a security process requiring more than one piece of evidence (or "factor") to verify your identity when logging in. It adds an essential layer of security beyond just a username and password, making it significantly harder for unauthorized individuals to access your account. Even if a password is stolen, MFA acts as an additional barrier. 

MFA typically combines something you know (like a password) with something you have (like a code sent to your email or phone). This guide focuses on email and SMS verification methods.

Understanding your MFA options: Email and SMS verification

Both email and SMS MFA use One-Time Passcodes (OTPs) - unique codes valid for a single login session or a short time.

Email MFA (One-Time Passcodes to your inbox)

After entering your password, the system sends an OTP to your registered email address. You retrieve this code and enter it to log in.

  • Key Benefits: Familiar, uses existing email, accessible on multiple devices.
  • Security Consideration: Email MFA's security depends on your email account's security. Protect your email with a strong password and be wary of phishing attempts.
  • Crucially, enable MFA for your email account itself. This adds an essential layer of protection to the channel receiving your verification codes.

SMS MFA (One-Time Passcodes via text message)

After entering your password, an OTP is sent via SMS to your registered mobile phone. You enter this code to complete the login.

  • Key Benefits: Convenient, as most people carry their phones.
  • Security Consideration: SMS MFA is vulnerable to SMS phishing (smishing). While better than no MFA, be aware of these risks.

Setting up Email MFA

Partnership Manager portal:

  1. First, log in to your account. Navigate to your 'Profile' (the top right corner of the screen). From your profile, select the 'Security' section.
  2. Click on the 'Via email' card to begin the setup process.
  3. Check your email (including spam) for a code.
  4. Enter the verification code in the application and click 'Verify' to activate Email MFA.
  5. Click 'Done'.
  6. Once the verification code is successfully processed, Email MFA will be enabled for your account.
  7. You should receive an email notification confirming that Multi-Factor Authentication has been enabled for your account.

Email MFA Set Up.gif

Partner portal:

  1. First, log in to your account. Navigate to 'My Account' (the top right corner of the screen). From your account, select the 'Security' section.
  2. Click on the 'Via email' card to begin the setup process.
  3. Check your email (including spam) for a code.
  4. Enter the verification code in the application and click 'Verify' to activate Email MFA.
  5. Click 'Done'.
  6. Once the verification code is successfully processed, Email MFA will be enabled for your account.
  7. You should receive an email notification confirming that Multi-Factor Authentication has been enabled for your account.

partne email set up.gif

Setting up SMS MFA

Partnership Manager portal:

  1. First, log in to your account. Navigate to your 'Profile' (the top right corner of the screen). From your profile, select the 'Security' section.
  2. Click on the 'Via text message' and enter your phone number.
  3. Check your phone for a code.
  4. Enter the verification code in the application and click 'Verify' to activate SMS MFA.
  5. Click 'Done'.
  6. Once the verification code is successfully processed, SMS MFA will be enabled for your account.
  7. You should receive an email notification confirming that Multi-Factor Authentication has been enabled for your account.

sms set up 2.gif

Partner portal:

  1. First, log in to your account. Navigate to 'My Account' (the top right corner of the screen). From your account, select the 'Security' section.
  2. Click on the 'Via text message' and enter your phone number.
  3. Check your phone for a code.
  4. Enter the verification code in the application and click 'Verify' to activate SMS MFA.
  5. Click 'Done'.
  6. Once the verification code is successfully processed, SMS MFA will be enabled for your account.
  7. You should receive an email notification confirming that Multi-Factor Authentication has been enabled for your account.

set up sms mfa partner 2.gif

Logging in with MFA

⚠️ Important Note for SSO Users: If you log in using SAML Single Sign-On (SSO) or with Google SSO, MFA will not be enforced during your login process through those methods.

How you log in will slightly differ based on the MFA method(s) you've enabled:

Email Only

If you have only set up Email for MFA, after entering your username and password, you will be prompted to enter the code sent to your registered email address. Once the code is successfully verified, you will be logged into your PartnerStack account.

SMS Only

If you have only set up SMS for MFA, after entering your username and password, you will be prompted to enter the code sent to your phone via text message. Once the code is successfully verified, you will be logged into your PartnerStack account.

Both SMS and Email MFA

If you have set up both Email and SMS MFA, after entering your username and password, you will be asked to choose which method (Email or SMS) you'd like to use for verification. After selecting your preferred method, you will be prompted to enter the code sent to either your email or phone. Once successfully verified, you will be logged into your PartnerStack account.new login flow.gif

Disabling MFA

Partnership Manager portal:

  1. First, log in to your account. Navigate to your 'Profile' (the top right corner of the screen). From your profile, select the 'Security' section.
  2. Click the trash can icon associated with the MFA method you want to turn off.
  3. As a security measure, you will be prompted to verify your identity one last time using the MFA method you are about to disable.
  4. Enter the code that will be sent to your phone (if disabling SMS MFA) or your email address (if disabling Email MFA).
  5. After entering the correct code, click 'Verify'.
  6. Once the verification code is successfully processed, MFA will be disabled for your account.
  7. You should receive an email notification confirming that Multi-Factor Authentication has been turned off for your account.

Disabling MFA 2.gif

Partner portal:

  1. First, log in to your account. Navigate to 'My Account' (the top right corner of the screen). From your account, select the 'Security' section.
  2. Click the trash can icon associated with the MFA method you want to turn off.
  3. As a security measure, you will be prompted to verify your identity one last time using the MFA method you are about to disable.
  4. Enter the code that will be sent to your phone (if disabling SMS MFA) or your email address (if disabling Email MFA).
  5. After entering the correct code, click 'Verify'.
  6. Once the verification code is successfully processed, MFA will be disabled for your account.
  7. You should receive an email notification confirming that Multi-Factor Authentication has been turned off for your account.

disabling partner nfa.gif

Best practices for using MFA securely

Protect your Email and Phone: Use strong, unique passwords for your email. Be cautious of phishing emails and smishing texts. Protect your phone with a PIN or biometrics.

Recognize phishing/smishing: Never share OTPs. Be suspicious of unexpected MFA requests or messages urging immediate action.

Update MFA if contact info changes: If your email or phone number changes, update your MFA settings promptly to avoid lockout.

Troubleshooting common MFA issues

Issue Quick Solution
Not receiving email/SMS code Check spam/junk (email); check phone signal & unblock numbers (SMS); verify correct email/phone registered; try 'Resend Code'
Verification code invalid/expired  Request a new code and enter it promptly (use the most recent one)
Lost access to phone (SMS) or email (Email MFA) Contact support: support@partnerstack.com

Frequently Asked Questions (FAQs)

Q: Can I opt out of MFA?

A: Yes, MFA is currently optional for your account. However, we strongly recommend enabling it to enhance your account security.

Q: What if I get an MFA code I didn't request?

A: If you receive an MFA code you didn't request, do NOT use the code or share it with anyone. This could indicate that someone has your password and is trying to access your account. You should immediately change your account password.

Q: How long is the MFA code valid for?

A: The MFA verification code is valid for 10 minutes from the time it's sent.

Q: How many attempts do I have to enter the MFA code?

A: You have 5 attempts to enter the correct MFA code. After 5 invalid attempts, you will need to wait for 10 minutes to request a new code.

Q: How can I change my phone number for SMS MFA?

A: To change the phone number associated with your SMS MFA, please navigate to your account's Settings. You will typically need to disable the current SMS MFA and then re-enable it with your new phone number, which will involve a verification step.

Q: How often can I change my phone number for MFA?

A: You can change the phone number registered for MFA up to 3 times within a 24-hour period.

Q: How can I change my email address for Email MFA?

A: To change the email address used for Email MFA, go to your account's Security Settings. You'll likely need to update your primary account email first (if it's the same one used for MFA) or specifically update the MFA email contact. This will usually require verification of the new email address.

Q: What if I don’t have a mobile device for SMS MFA?

A: If you don't have a mobile device or prefer not to use SMS MFA, you can choose the Email MFA option to receive verification codes in your email inbox.

Q: How often will I be asked for an MFA code?

A: You'll typically be asked for an MFA code when logging in from a new device, a new web browser, or after clearing your browser cookies.

Q: Can I avoid signing in with MFA each time?

A: Yes. When you sign in with MFA, you may have the option to mark your device as a "trusted device." If you choose this, you won't need to enter an MFA code on that specific device for the next 30 days. After 30 days, you will be prompted for MFA again, at which point you can choose to trust the device again.

Q: Does MFA work internationally?

A: SMS verification is unavailable in Russia and Papua New Guinea. Users in these regions can use email verification.

 

Ready to set up MFA? Sign in to PartnerStack

Was this article helpful?

0 out of 0 found this helpful