Protecting your account using Multi-Factor Authentication (MFA)

Users who sign in using credentials (email and password) can add an extra layer of security by setting MFA on their account.

To configure MFA you will need a phone or other device as a virtual MFA device. First install an app that is compliant with the RFC 6238 TOTP - Time-Based One-Time password Algorithm. Compatible apps include Google AuthenticatorMicrosoft Authenticator and Authy (among others).

To enable a virtual MFA device

1. Log in to the Whooshkaa Dashboard

2. Click the avatar in the upper-right part of the screen, then click "My Account"

3. Click the MULTI-FACTOR AUTHENTICATION tab. In the configure section you need to click the Show QR Code link to display a QR code that can be scanned in your selected app. Once your app is synced with the QR code you will have to enter two consecutive codes generated by the app and click the "Sync Device" button. If the codes are valid you will see a message indicating that MFA has been successfully configured. Next time you log in you will be asked for a MFA code along with your password.


To remove MFA protection

1. Log in to the Whooshkaa Dashboard
2. Click the avatar in the upper-right part of the screen, then click "My Account"
3. Click the MULTI-FACTOR AUTHENTICATION tab

4. Click the Configure panel, then click the "Remove MFA" button. You will be required to enter your password to confirm the action. If the password is valid you will see a message indicating that MFA protection has been successfully removed. This will invalidate all MFA devices that were previously synced. You will not be asked for a MFA code next time you log in.