Multi-Factor Authentication

🔐 Multi-Factor Authentication Overview

tDoc's Multi-Factor Authentication (MFA) provides an essential security layer to protect your account:

🛡️ Security Benefits

MFA significantly enhances your account security by:

• Two-Layer Defense: Requires something you know (password) and something you have (authenticator app)
• Breach Protection: Prevents unauthorized access even if your password is compromised
• Regulatory Compliance: Helps meet security requirements for sensitive data handling

🧩 How MFA Works

📱 Technical Foundation

tDoc implements robust MFA using industry standards:

• Time-based One-Time Passwords (TOTP): Six-digit codes that change every 30 seconds
• QR Code Pairing: Easy setup with authenticator apps like Google Authenticator or Authy
• Secure Verification: Server-side validation of authentication codes
• Persistent Verification: Remember trusted devices for convenient access

🔄 Authentication Flow

When MFA is enabled:

1. Initial Login: Enter your email and password as usual
2. Secondary Verification: Provide the current code from your authenticator app
3. Session Establishment: After verification, access is granted
4. Session Maintenance: Remain logged in based on your session settings

🚀 Setting Up MFA

📲 Enabling MFA for Your Account

Follow these steps to activate MFA:

1. Navigate to Settings: Go to your personal account settings page
2. Locate MFA Section: Find the Multi-Factor Authentication card
3. Initiate Setup: Click the "Setup a new factor" button
4. Name Your Factor: Give your authenticator a recognizable name (e.g., "Phone Authenticator")
5. Scan QR Code: Use your authenticator app to scan the displayed QR code
6. Enter Verification Code: Input the 6-digit code shown in your authenticator app
7. Confirm Activation: Submit the code to complete MFA setup

🔧 Recommended Authenticator Apps

For optimal MFA experience, we recommend:

• Google Authenticator: Simple, widely-used authenticator (iOS/Android)
• Authy: Supports multi-device synchronization and backups (iOS/Android/Desktop)
• Microsoft Authenticator: Integrates with Microsoft accounts (iOS/Android)
• LastPass Authenticator: Works seamlessly with LastPass password manager (iOS/Android)

💼 Managing MFA

📋 Viewing Your MFA Factors

The MFA management interface shows:

• Active Factors: List of all configured authentication methods
• Factor Names: Identifiers you assigned during setup
• Creation Dates: When each factor was added
• Factor Status: Whether each factor is active or disabled

🗑️ Removing MFA Factors

To remove an authenticator:

1. Go to Settings: Navigate to your personal account settings
2. Find MFA Section: Locate the Multi-Factor Authentication card
3. Select Factor: Find the authenticator you want to remove
4. Delete Factor: Click the remove button (X) next to it
5. Confirm Deletion: Acknowledge the security warning

⚠️ Warning: Removing your last MFA factor disables MFA protection entirely. Only do this if absolutely necessary!

🔧 Troubleshooting

🛠️ Common MFA Issues

Solutions for typical MFA challenges:

Cannot Scan QR Code

1. Check camera permissions for your authenticator app
2. Ensure adequate lighting for QR code scanning
3. Try entering the setup key manually (displayed below QR code)
4. If persistent, contact support for alternative setup methods

Incorrect Verification Codes

1. Verify your device's time is correctly synchronized
2. Ensure you're using the most current code in your authenticator app
3. Check that you're using the correct authenticator app if you have multiple
4. Wait for a new code if the current one is about to expire

Lost Access to Authenticator

1. Use recovery codes if you saved them during setup
2. Contact your administrator to reset MFA if recovery options unavailable
3. Verify your identity through alternative means as required

🔍 Advanced Security

🚫 Enforcing MFA for Sensitive Operations

tDoc can require MFA verification for specific actions:

• Billing Changes: Protect payment method updates with MFA verification
• Security Settings: Require MFA to modify security configuration
• API Key Generation: Secure API access with MFA verification

Next Steps

Now that you understand MFA, explore these related security topics:

• Password Management
• Team Access Controls
• API Security