Multi-Factor Authentication (MFA) adds an extra layer of security to accounts. It requires users to verify their identity with two or more factors. By combining factors, MFA makes it much harder for attackers to gain access, even if one factor is compromised.

Different types of MFA

  • Account-Based MFA: Requires users to complete an MFA challenge on every login. See Account-Based MFA for more information.
  • Action-Based MFA: Requires users to complete an MFA challenge for sensitive actions, like signing transactions or exporting private keys. See Action-Based MFA for more information.

Different MFA methods

  • Passkey: Requires users to use a passkey to authenticate. See Passkeys for more information.
  • Authenticator App (TOTP): Requires users to use a time-based one-time password (TOTP) to authenticate. See Authenticator Apps for more information.

Configuring MFA

You can configure MFA in the Dynamic dashboard. You can choose to enable one or more MFA methods, you can choose if user is required to add at least one MFA method or not, and you can choose to enforce MFA on login, for sensitive actions, or both.

What to do if a user lost access to their MFA device

If a user loses access to their MFA device, you can reset all their MFA methods from the Dynamic dashboard. Go to the user’s detail page, and click the “Reset MFA” button in the “Account” tab. Once you do that, the user will be able to add a new MFA method on their next login (if set as required), and none of their previously registered MFA devices will be valid anymore.