Multi‑Factor Authentication (MFA)
Overview
- MFA adds an additional verification step beyond your password or primary login method
- Supported but not enforced by default; organizations can require MFA
Methods
- Time‑based one‑time passwords (TOTP)
- SMS codes (availability varies by region)
- Hardware security keys (FIDO2/WebAuthn) for enterprise
Best Practices
- Enable MFA on administrator and privileged accounts
- Use recovery codes and store them securely
title: Multi-Factor Authentication (MFA) description: Add an extra layer of security to your account with multi-factor authentication
Overview
Multi-Factor Authentication (MFA) adds an essential extra layer of security to your mixus account by requiring a second form of verification beyond your password. This significantly reduces the risk of unauthorized access, even if your password is compromised. MFA is one of the most effective ways to protect your account, blocking 99.9% of automated attacks and dramatically reducing the risk of account takeover.How MFA Works
The Security Principle
MFA is based on combining two or more of these factors:- Something you know (password, PIN)
- Something you have (phone, authenticator app, hardware key)
- Something you are (biometric data - planned for future release)
Authentication Flow
- Primary Authentication: Sign in with your usual method (email, password, etc.)
- MFA Challenge: System prompts for your second factor
- Verification: Provide the required second factor (code, key press, etc.)
- Secure Access: Gain access to your account with enhanced security
Available MFA Methods
📱 Authenticator Apps (TOTP)
Time-Based One-Time Passwords- Generate 6-digit codes that change every 30 seconds
- Works offline once set up
- Compatible with popular authenticator apps
- Most secure option for everyday use
- Google Authenticator (Android/iOS)
- Microsoft Authenticator (Android/iOS)
- Authy (Android/iOS/Desktop)
- 1Password (with built-in authenticator)
- Bitwarden Authenticator
- Any TOTP-compatible app
- Enable MFA in your account security settings
- Scan the QR code with your authenticator app
- Enter the 6-digit code to confirm setup
- Save your recovery codes in a secure location
📲 SMS Verification
Text Message Codes- Receive 6-digit verification codes via SMS
- No additional apps required
- Works on any mobile phone
- Good backup option for authenticator apps
- Fast delivery (usually under 30 seconds)
- Works internationally with proper phone number format
- Automatic retry if messages fail to deliver
- Rate limiting to prevent abuse
- Less secure than authenticator apps due to SIM swapping risks
- May not work in areas with poor cellular coverage
- Carrier delays can occasionally cause issues
- Best used as a backup method
🔑 Hardware Security Keys
Physical Security Keys- USB, NFC, or Bluetooth hardware devices
- Highest level of security available
- Phishing-resistant authentication
- Perfect for high-security requirements
- FIDO2/WebAuthn compatible keys
- USB-A and USB-C connections
- NFC for mobile device compatibility
- Bluetooth for wireless connectivity
- YubiKey (various models)
- Google Titan Security Key
- SoloKeys
- Feitian Security Keys
- Immunity to phishing attacks
- No dependency on phone or internet
- Long-lasting (years of use)
- Can be shared between multiple services
🛡️ Backup Codes
Recovery Codes- 10 single-use backup codes
- Use when other MFA methods aren’t available
- Essential for account recovery
- Generate new codes if running low
- Print and store codes in a secure physical location
- Each code can only be used once
- Generate new codes if you use several
- Treat these like passwords - keep them secure
Setting Up MFA
Initial Setup
-
Access Security Settings
- Sign in to your mixus account
- Navigate to Account Settings > Security
- Click “Enable Multi-Factor Authentication”
-
Choose Your Method
- Select your preferred MFA method
- Follow the setup instructions for your chosen method
- Test the method to ensure it works correctly
-
Save Recovery Codes
- Download or print your backup codes
- Store them securely (safe, password manager, etc.)
- Never store them on the same device as your authenticator
Managing Multiple Methods
- Primary Method: Your main MFA method for daily use
- Backup Method: Alternative method if primary isn’t available
- Recovery Codes: Last resort for account access
MFA for Organizations
Organization Requirements
Administrator Controls- Require MFA for all organization members
- Set grace periods for MFA setup
- Monitor MFA adoption across the organization
- Generate compliance reports
- Mandate specific MFA methods (e.g., hardware keys only)
- Set different requirements for different roles
- Configure session timeouts based on MFA status
- Require re-authentication for sensitive operations
Enterprise Features
SSO Integration- MFA can work alongside enterprise SSO
- Inherit MFA requirements from identity providers
- Support for conditional access policies
- Integration with existing security infrastructure
Best Practices
Security Recommendations
- Use Authenticator Apps: Prefer TOTP apps over SMS when possible
- Multiple Methods: Set up both primary and backup MFA methods
- Secure Recovery Codes: Store backup codes in a safe place
- Regular Reviews: Periodically review and update MFA settings
- Hardware Keys for High Security: Use hardware keys for sensitive accounts
Operational Tips
- Test Regularly: Ensure your MFA methods work before you need them
- Update Contact Info: Keep phone numbers and email addresses current
- Backup Strategy: Have multiple ways to access your codes
- Travel Preparation: Ensure MFA works when traveling internationally
- Device Changes: Update MFA when changing phones or devices
Troubleshooting
Common Issues
Authenticator app codes not working- Verify time synchronization on your device
- Check that you’re using the correct account in the app
- Ensure the app is properly configured
- Try generating a new code
- Verify phone number format includes country code
- Check for carrier SMS filtering or blocking
- Ensure strong cellular signal
- Try requesting a new code after waiting
- Use backup codes if available
- Contact support with account verification information
- Use alternate MFA method if configured
- Follow account recovery procedures
- Ensure key is properly inserted/connected
- Try different USB ports or NFC positioning
- Check browser compatibility
- Verify key is registered to your account
Account Recovery
If locked out with no MFA access:- Use any available backup codes
- Try alternate MFA methods you’ve set up
- Contact support with identity verification
- Follow our account recovery process
- Set up new MFA methods once recovered
Getting Help
- Self-Service: Account settings include MFA troubleshooting guides
- Support Center: Comprehensive MFA help articles
- Email Support: support@mixus.com for account security issues
- Live Chat: Real-time assistance during business hours
Limitations
Current Limitations
- Biometric authentication not yet available
- Some MFA methods may not work in all countries
- Hardware keys require compatible browsers
- Organization policies may restrict certain methods
Device Requirements
- Authenticator apps require smartphone or tablet
- SMS requires cellular phone service
- Hardware keys need compatible devices and browsers
- Backup codes require secure storage capability
Advanced Security
High-Security Environments
Additional Protections- Require hardware keys for administrative access
- Implement conditional access based on location
- Set shorter session timeouts for sensitive operations
- Enable audit logging for all MFA events
- MFA usage reporting for compliance audits
- Integration with security information systems
- Support for regulatory requirements
- Detailed audit trails and logging
Related Features
- Authentication Methods - Primary sign-in options
- Enterprise SSO - Single sign-on integration
- Security Overview - Complete security features
- Account Recovery - Regain access to your account
Multi-factor authentication is one of the most important steps you can take to protect your account. Set it up today and significantly reduce your risk of unauthorized access.