Overview
mixus provides multiple secure authentication methods to ensure that only authorized users can access your account. Our authentication system is designed to be both secure and user-friendly, offering flexibility while maintaining the highest security standards. MFA is supported but not enforced by default; organizations can require MFA. Every authentication method is protected by advanced security measures including bot detection, brute force protection, and suspicious activity monitoring.
How Authentication Works
Secure Authentication Flow
- Identity Verification: Confirm your identity using your chosen method
- Security Validation: Our systems verify the authenticity of your credentials
- Session Creation: A secure session is established for your account
- Ongoing Protection: Continuous monitoring for suspicious activity
Security Features
- Encrypted Communication: All authentication data is transmitted via TLS
- Session Security: Secure session tokens with automatic expiration
- Activity Monitoring: Real-time detection of unusual sign-in patterns
- Device Recognition: Trusted device management and notifications
- Phishing‑resistant options: Passkeys/WebAuthn and hardware security keys (enterprise)
Available Authentication Methods
📧 Email Authentication
Email Codes (Magic Codes)
- Receive a 6-digit verification code via email
- Codes expire after 10 minutes for security
- Perfect for users who prefer not to remember passwords
- Works on any device with email access
- Click a secure link sent to your email to sign in instantly
- Links expire after 24 hours or first use
- No passwords or codes to remember
- Seamless experience across devices
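A sketch of how a 6-digit email code with a 10-minute lifetime can be issued and checked, added here as an illustration and not mixus's own code. The `EmailCodeStore` class, its in-memory storage and the five-attempt cap are assumptions; the page states only the code length and the expiry.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 10 * 60  # from the page: email codes expire after 10 minutes
MAX_ATTEMPTS = 5            # assumption: the page does not state an attempt limit


class EmailCodeStore:
    """Holds one pending code per email address (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # email -> [sha256(code), expires_at, attempts_left]

    def issue(self, email):
        # secrets.randbelow uses the OS CSPRNG; zero-pad so "000042" is valid.
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        # Issuing a new code replaces, and so invalidates, any earlier one.
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[email] = [digest, expires_at, MAX_ATTEMPTS]
        return code  # passed to the mail sender only, never logged

    def verify(self, email, submitted):
        entry = self._pending.get(email)
        if entry is None:
            return "no_pending_code"
        digest, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[email]
            return "expired"
        entry[2] -= 1  # count the attempt before comparing
        candidate = hashlib.sha256(submitted.encode()).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(candidate, digest):
            del self._pending[email]  # single use: a replayed code fails
            return "ok"
        if entry[2] == 0:
            # Only 10**6 possible codes, so guesses must be capped per code.
            del self._pending[email]
            return "locked"
        return "wrong_code"
```

With a five-attempt cap, the chance of guessing a given code before it is discarded is at most 5 in 1,000,000.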
🔐 Password Authentication
Strong Password Requirements
- Minimum 8 characters with complexity requirements
- Automatic checking against known breached password databases
- Password strength indicator to help create secure passwords
- Optional password history to prevent reuse
- Secure password hashing using industry-standard algorithms
- Account lockout protection against brute force attacks
- Password reset via secure email verification
- Optional password expiration policies for organizations
🔗 Social Authentication
Popular Social Providers
- Google: Sign in with your Google account
- GitHub: Perfect for developers and technical users
- Microsoft: Enterprise-friendly with Azure AD integration
- Apple: Privacy-focused authentication for iOS users
- LinkedIn: Professional network integration
- No additional passwords to remember
- Leverages existing trusted accounts
- Faster sign-in experience
- Automatic account linking when using multiple methods
📱 SMS Authentication
SMS Verification Codes
- Receive verification codes via text message
- Codes expire after 5 minutes for security
- Available in most countries worldwide
- Perfect for mobile-first users
- Phone number verification to prevent abuse
- Rate limiting to prevent SMS spam
- Integration with trusted SMS providers
- Support for international phone numbers
🏢 Enterprise Authentication
Single Sign-On (SSO)
- SAML 2.0 integration with enterprise identity providers
- OpenID Connect (OIDC) support
- Automatic user provisioning and deprovisioning
- Custom domain and branding options
- Azure Active Directory / Microsoft Entra ID
- Okta
- Auth0
- AWS Cognito
- Google Workspace
- Custom SAML/OIDC providers
Account Security Features
🛡️ Brute Force Protection
- Account Lockout: Temporary lockout after failed attempts
- Progressive Delays: Increasing delays between failed attempts
- IP-Based Protection: Rate limiting from suspicious IP addresses
- CAPTCHA Integration: Human verification when needed
🔍 Suspicious Activity Detection
- Unusual Locations: Alerts for sign-ins from new locations
- New Devices: Notifications when signing in from unrecognized devices
- Time Patterns: Detection of unusual sign-in timing
- Behavior Analysis: Machine learning-based anomaly detection
📊 Session Management
- Secure Sessions: Encrypted session tokens with regular rotation
- Session Timeout: Automatic logout after periods of inactivity
- Multiple Sessions: Support for concurrent sessions across devices
- Session Revocation: Ability to log out from all devices remotely
Setting Up Authentication
For Individual Users
- Choose Your Method: Select from available authentication options
- Verify Your Identity: Complete the verification process
- Enable Security Features: Add MFA and security notifications
- Test Your Access: Ensure you can sign in successfully
For Organizations
To enable SSO or enforce MFA organization‑wide, contact security@mixus.ai. Our team will configure these settings for your org (not self‑serve yet).
- SSO Setup (by request): Provide IdP details; we complete the configuration
- Password Policies: Define password requirements for your team
- MFA Enforcement (by request): We can enforce MFA across your org
- Security Reviews: Periodically review org security policies
Best Practices
Password Security
- Use Strong Passwords: Include uppercase, lowercase, numbers, and symbols
- Unique Passwords: Never reuse passwords across services
- Password Managers: Use a reputable password manager
- Regular Updates: Change passwords if security breaches occur
Account Protection
- Enable MFA: Add multi-factor authentication for extra security
- Monitor Activity: Regularly review your account activity
- Secure Devices: Keep your devices updated and protected
- Trusted Networks: Be cautious when using public Wi-Fi
Organization Security
- SSO Implementation: Use enterprise SSO for centralized control
- Regular Reviews: Conduct periodic access reviews
- Security Training: Educate team members on security practices
- Incident Response: Have procedures for security incidents
Troubleshooting
Common Issues
Cannot receive email codes or links
- Check spam/junk folders
- Verify email address is correct
- Ensure email provider allows messages from mixus
- Try resending after a few minutes
- Verify phone number format includes country code
- Check for carrier SMS blocking
- Ensure strong cellular signal
- Try requesting a new code
- Clear browser cache and cookies
- Disable browser extensions temporarily
- Verify social account is not suspended
- Try using a different browser
- Use the email address associated with your account
- Check all email folders including spam
- Ensure link hasn’t expired (24-hour limit)
- Contact support if persistent issues
Getting Help
- Support Center: Comprehensive troubleshooting guides
- Live Chat: Real-time assistance during business hours
- Email Support: support@mixus.com for detailed issues
- Community Forums: Peer support and discussions
Limitations
Current Limitations
- SMS authentication not available in all countries
- Some social providers may have regional restrictions
- Enterprise SSO requires organization setup
- Phone number verification required for SMS authentication
Security Considerations
- Public computers should not be used for sensitive operations
- Shared devices should always use private browsing mode
- VPN usage may trigger additional security verification
- Some corporate firewalls may block certain authentication methods
Related Features
- Multi-Factor Authentication - Add an extra layer of security
- Enterprise SSO - Single sign-on for organizations
- Security Overview - Complete security features
- Account Settings - Manage your authentication preferences
Secure authentication is the foundation of account security. Choose the method that works best for you, and don’t hesitate to enable additional security features like multi-factor authentication for maximum protection.