Multi-Factor Authentication (MFA) Overview
To better protect your financial data, Qvinci has enabled multi-factor authentication in our platform. In today's world, helping businesses and individuals protect their secure data environment is essential. In Qvinci, this is a company-/client-specific option. Enabling MFA for your company/client is easy. There are only five steps that the account administrator has to take to require ALL users to enable MFA, or individual users can enable it for themselves. Once enabled, you can use either Microsoft Authenticator or Google Authenticator to retrieve your valid PIN.
Step 1: Log in
Step 2: Select your company or client
Step 3: Select "Account>Profile"
Step 4: Select "Manage MFA"
Step 5: Select "Enable MFA" and "Remember Me" for 30 if that is your choice and click "Save"
How it works
- Account admin can require ALL users to enable MFA or individual users can enable it for themselves via profile
- User can enable MFA via Account → Profile → Manage MFA
On the "Manage" page, once MFA is enabled, a user has three options:
1: "Remember Me" (for 30 days) - This will allow the user to log in without entering a PIN for 30 days. "Remember Me" will not take effect until the user has entered a valid PIN at least once.
2: "Recovery Email" - This will allow the user to have a one-time PIN emailed to the provided email address to allow logging in when an authenticator is unavailable. This PIN expires after 10 minutes. The email address will default to the Qvinci login address, but cannot be changed.
3: "Reset MFA Account" - This will allow the user to reset the MFA associated with your account.
The MFA process consists of three primary page popups.
1: QR Code Page
This page allows the user to create an account tied to Qvinci in either Google Authenticator or Microsoft Authenticator. The account can be created by scanning the QR code with a phone or by entering the provided authenticator key in the app.
2. Authenticator PIN page
This page completes the Qvinci login process if MFA is enabled and a valid PIN is entered. The user must enter a valid PIN within three attempts or is returned to the username/password page. If an authenticator is not available, the user can select, "Use a different login method." (This page will not appear if the user has successfully enabled ‘Remember Me’ and 30 days have not expired.)
3. Recovery PIN page
This page allows the user to request a one-time PIN be sent to the user’s email address. The PIN is produced by a cryptographically secure pseudorandom number generator (CSPRNG) and is valid for 10 minutes. Once the PIN is validated, the login process is completed for one time only. When logging in next, the user will still be required to create an authenticator account (if the user has not already done so) or enter an authenticator PIN. This method will not affect "Remember Me" activation. The user must enter a valid PIN within three attempts or is returned to the username/password page.
Notes:
The 3-attempt maximum carries over from the PIN to the recovery page. Two bad PIN entries on the PIN page and one bad entry on the recovery page will return the user to the username/password page.
Currently, if the user needs to create a new Authenticator account:
1. Go to Account → Profile → Manage MFA.
2. Uncheck "Enable MFA" and then save.
3. Return to "Manage MFA," check "Enable MFA" and then save.
The steps required to access your account once MFA has been enabled
Step 1: Log in (a QR code will be shown).
Step 2: Use your phone to enable the QR code to create an account.
Step 3: Using your authenticator, type the code shown in the authenticator PIN field.
Step 4: You are now logged in for 30 days if you have enabled that feature.
Have Questions?
We're More Than Happy To Help
Schedule a Call with Customer Success below, email us at support@qvinci.com or call us at 1-512-637-7337 Ext. 1 Available M-F, 7:30am-6:30pm CT and it is always FREE!
Schedule an Appointment with Customer Success
Comments
0 comments
Please sign in to leave a comment.