Creating a Virtual Multi-Factor Authentication (MFA) Device
  • 02 Feb 2023
  • PDF

Creating a Virtual Multi-Factor Authentication (MFA) Device

  • PDF

Article Summary

What is an MFA?

A Virtual Multi-Factor Authentication (MFA) device is a security control with which a user is granted access only after successfully providing evidence to an authentication device. A virtual MFA device uses a software application to generate an authentication code. You can create one virtual MFA device per Wasabi account or user.

Creating a Virtual MFA Device

Before you get started, note that you must have access to the hardware that will host the virtual MFA device (application). For example, if the MFA will be used with a virtual MFA application on a smart phone, you must have access to the smart phone when creating the virtual MFA device.

  1. Click Settings on the Wasabi menu. Or, open the account sign-in drop-down and click Settings.
  2. Open the MFA Settings drop-down.
  3. Wasabi displays a QR code graphic and secret key. (The QR code graphic is an image of the secret key.) For example:

    You can use the Refresh  button to change the QR code and secret key.

    Save a copy of the secret key in a secure place. You can clickto copy it to the clipboard. If you lose the MFA device or need to reinstall the MFA software application, you can reconfigure it using the same virtual MFA without creating a new virtual MFA.
  4. You can opt to generate recovery codes. This allows you to access your account in the event that you lose your Authentication Device. In order to acquire recovery codes, set the Recovery Codes toggle to prior to setting up MFA. Alternatively, you may opt to reset your MFA to be able to acquire recovery codes when you re-enable MFA.

    Timing is important for the following steps, so you may want to review the remainder of this procedure before proceeding.
  5. Open the virtual MFA application (such as on the smart phone). If applicable, choose the option to create a new account (a new virtual MFA device).
  6. Use the device camera (such as the smart phone camera) to scan the QR code graphic. Or, Enter the secret key, where appropriate, in the MFA application.
  7. When a one-time password appears in the MFA application, enter this password in the Wasabi area labeled, “Authentication Code 1.”

    Enter this code in Wasabi immediately after you receive it because it is time-based and will expire quickly.
  8. After approximately 30 seconds, the device will generate a second one-time password. Enter this password in the Wasabi area labeled, “Authentication Code 2.” (Enter it immediately because it, too, is time-based and will expire.)
  10. If you enabled MFA recover codes (Step 3 above), continue with the next procedure.

Using MFA Recovery Codes

If you enabled MFA recovery codes, a window similar to the following is displayed.

Be sure to Copy, Download, or Print these codes. Once you click FINISH or close this window, you can no longer access the codes from the Wasabi Console.

When you have enabled MFA, a recovery option appears on the Wasabi login page. For example:

If you need to recover using a code, click Recovery Options. Then enter one of the recovery codes.