The Multi-Factor Authentication feature allows an additional layer of security when users log into your Realm. When enabled, a unique 6-digit numeric code is generated and sent to the user attempting to log in. That 6-digit number must be entered within 15 minutes in order to gain access to the account.
Multi-Factor Authentication can only be enabled by a WhatCounts team member. It can be added to an individual realm or all realms within an account, including child realms. Please contact Support to have Multi-Factor Authentication enabled for your account.
Multi-Factor Authentication provides two options through which to receive the authentication code:
- WhatCounts User account email address
- SMS to a valid US mobile phone number
Email is the default method to send the code, as an email address is required for all users. If you prefer to receive the code via SMS message, you can add your Mobile number to your User Profile. To do this:
- Go to CUSTOMER CARE > MY PROFILE.
- Enter your Current Password. No changes can be saved to the profile without validating your password.
- Enter a valid 10-digit US number in the Mobile field. Note: Only 10-digit US mobile numbers are supported at this time.
- Click SAVE.
Login with Authentication
- Go to the Login page and enter your Realm name, Login User Email, and Password, then click SIGN IN. The Send Code page will display to indicate authentication is required.
- Select where to send the code: Mobile, which displays the last four digits of the Mobile number on file, or Email, which displays the email address used in the Login attempt. If you wish to use the same method every time, select Always use this method.
- Click SEND CODE to generate the 6-digit code and receive it at your selected location. The Enter Code page will display, indicated to which location the code was sent.
- When you receive the authentication code, enter it into the Enter Code field. then click SIGN IN to complete the process to log into your Realm.
If you did not received the code, or it has been more than 15 minutes since the code was sent, click Resend the Code. This will take you back to the Send Code page to allow you to change the method, or to simply resend to the same location.
Always Use Method
If you plan to use the same method to receive the validation code each time you log in, you can select Always use this method. If you change your Email address or Mobile phone number at any time after making this selection, the same method will continue to be used. However, if you delete your Mobile number, then the next time you login you will be prompted to select a method, though only Email will be available to select.
If you do not wish to go through authentication for each login attempt, you can select Trust this device. This will mark your current device and browser combination as being verified and will not prompt you again for authentication in the future.
If you login as a different user, to another realm, or from an alternate device or browser, you will receive the prompt to validate. In addition, if you clear the cookies and cache for your browser, you will receive the prompt to validate.
Login Services Disabled
If at any point along the way you enter an invalid combination of Realm, User, Password and Authentication Code more than a few times in a row, your IP will be temporarily blocked from further attempts with a "Login Services Disabled" error. If you need access right away, please contact firstname.lastname@example.org and request the lock to be cleared.
If at any time you reply STOP to the Authentication message, you will no longer receive future messages. In order to opt in to receive messages, text UNSTOP to (877) 200-7012.
If you wish to disable Multi-Factor Authentication for your Realm, please contact Support. Any remembered authentication methods and trusted devices will be cleared the next time the feature is enabled for the Realm.
Released in version 16.05.00.