On this page
- What is two-factor Authentication (MFA)?
- Why was this change implemented?
- Can I turn off MFA?
- How can I verify my contact details?
- Who will be impacted by this change?
- Can I use another authentication option, like Google Authenticator?
- How long is the MFA code valid for?
- Will I need to provide MFA every time I log in?
- Having trouble receiving MFA codes?
What is multi-factor authentication (MFA)?
MFA is like a double-check for logging into your accounts. It makes sure it's really you by asking for two or more proofs of your identity, like:
- Something you know (your password).
- Something you have (a code sent to your email).
Learn more about what MFA is and how it helps protect your account with its added security benefits.
Why was this change implemented?
MC Trade is implementing MFA to provide an added layer of security for client accounts and ensure compliance with industry security standards. Because your MC Trade software has the ability to process credit cards on behalf of your constituents and stores some cardholder data, it is in scope for PCI Compliance and the standards required to meet compliance for your organization.
Can I turn off MFA?
No, this is an industry required security measure. For more details, you can review information on PCI compliance.
How can I ensure that I can receive the MFA email?
Make sure that your user record in MC Trade has a valid, unique email address assigned to it. You or a system administrator can update your email address in the Manage System Users section of the Admin menu in MC Trade.
Who will be impacted by this change?
Any users with access at any level to your MC Trade back-office database are impacted by this change. MFA does not affect member/profile accounts and your members will be able to log in as usual with no changes.
Can I use another authentication option, like Google Authenticator?
No, currently MFA is only available through email verification methods. We do plan to add additional options including authenticator apps/services later this year.
Will I need to provide MFA every time I log in?
You need to provide MFA every 30 days or whenever you switch to a different browser or device, clear your cache and cookies, open a new incognito session, or perform a password reset. Users can choose to 'remember me' for 30 days - your password will always be required when logging in, but the system will remember your previous login on the browser/device and will not prompt for MFA every time.
How long is the MFA code valid for?
The email code is valid for 60 minutes.
Having trouble receiving MFA codes?
- Try re-sending the code.
- Check your email’s junk or spam folders. The email will be from noreply@personifyauth.com. You can add this email to your trusted sender list.
- Ensure you’re not on a public network (e.g., at work or school), as your IT department may be blocking the email.