![cdccd4037784792b954880028bbf7390a34ca91e-2.png]](https://support.eddy.com/hs-fs/hubfs/cdccd4037784792b954880028bbf7390a34ca91e-2.png?height=40&name=cdccd4037784792b954880028bbf7390a34ca91e-2.png){kind=small}
Eddy offers two options for Two-Step Authentication: Text Messaging (SMS) authentication, or Mobile App authentication. One or the other is sufficient.
Eddy requires Two-step or Multi-Factor Authentication (MFA) for all users in order to help account information remain secure.
HR and payroll systems are particularly attractive targets for cybercriminals. Recent trends show a significant uptick in HR payroll phishing scams where attackers impersonate employees requesting changes to their paycheck deposit information.
What is MFA?
Multi-Factor Authentication (MFA) is a security process that requires users to provide two or more verification factors to access a system, network, or application. These factors typically include:
-
Something You Know: A password or PIN.
-
Something You Have: A physical token, a mobile device, or an authenticator app.
-
Something You Are: Biometric data, such as fingerprints or facial recognition.
By requiring multiple forms of verification, MFA significantly enhances security by making it more difficult for unauthorized users to gain access, even if they have obtained a password.
To further enhance the security of your account, you will be required to enable two-step verification (also known as multi-factor authentication) as part of the sign-in process for your account access. This means that after entering your password, you will need to verify your identity through an additional step, such as receiving a code via SMS or using an authenticator app.
How to reset MFA
If a worker has lost access to their secondary code or app, you can reset Two-Step Authentication for them in Eddy. Once reset, the user will be asked to set up MFA in their account after their next login.
To reset MFA, go to Reports and click the report called "Two-step authentication enablement".
This report shows a list of the last login for each user, and shows if Two-Step Authentication is enabled for that user. If MFA is enabled for a user, the owner role use has a button to reset the MFA, which will remove the requirement for an MFA token on login for that user. If the owner role needs to reset their own MFA, please contact our Support Team.
How to set up MFA on your account
Visit this help article to set up MFA on yoru own account.