Multi-Factor Authentication (MFA) Settings

What is an MFA?

A login password is the first level of security for your Wasabi account. However, a system password can be compromised. Multi-factor authentication (MFA) offers additional security control. A virtual MFA device uses a software application to generate an authentication code. Account access is granted only after a user successfully provides this code—as identity evidence—on an authentication device, such as a smartphone.

You can create one virtual MFA device per Wasabi account or user.

Creating a Virtual MFA Device

Before you get started, you must have access to the device that will host the virtual MFA application. For example, if the MFA will provide a code in a smartphone application, you must have access to the smartphone application when creating the virtual MFA device.

1. Click Settings on the Wasabi menu. Or, open the account sign-in drop-down and click Settings.
2. Open the Security Settings drop-down. The MFA Settings option is displayed with a secret key and QR code graphic, which is an image of the secret key. For example:

   

   You can use the Refreshbutton to change the QR code and secret key.

   Save a copy of the secret key in a secure place. You can clickto copy it to the clipboard. If you lose the MFA device or need to reinstall the MFA software application, you can reconfigure it using the same virtual MFA without creating a new virtual MFA.
3. You can opt to generate recovery codes. This allows you to access your account in the event that you lose your authentication device. In order to acquire recovery codes, set the Recovery Codes toggle toprior to setting up MFA. Alternatively, you may opt to reset your MFA to be able to acquire recovery codes when you re-enable MFA.
   
   Timing is important for the following steps, so you may want to review the remainder of this procedure before proceeding.
4. Open the virtual MFA application (such as on the smartphone). If applicable, choose the option to create a new account (a new virtual MFA device).
5. Scan the QR code graphic (such as by using your smartphone camera). Or, enter the secret key, where appropriate, in the MFA application.
6. When a one-time password appears in the MFA application, enter this password in the Wasabi area labeled, “Authentication Code 1.”
   
   
   Enter this code in Wasabi immediately after you receive it because it is time-based and will expire quickly.
7. After approximately 30 seconds, the device will generate a second one-time password. Enter this password in the Wasabi area labeled, “Authentication Code 2.” (Enter it immediately because it, too, is time-based and will expire.)
8. Click Activate Virtual MFA.
9. If you enabled MFA recovery codes (Step 3 above), continue with the instructions for Using MFA Recover Codes.

When you have enabled MFA, the MFA Code area appears on the Wasabi Sign In page:

Using MFA Recovery Codes

If you enabled MFA recovery codes, a window similar to the following is displayed.

If you need to recover using a code, click Recovery Options on the Sign In panel. Then enter one of the recovery codes.

Deactivating an MFA Device

Once an MFA device is activated, you will see this screen when you click MFA Settings under Security Settings.

To deactivate the device:

1. Click Deactivate MFA Device.
2. A screen is displayed indicating that an MFA code (newly generated or recovery code) is required to disable MFA. This provides an extra layer of protection for Wasabi's MFA feature. Enter an authentication code OR a recovery code.

   

3. Click Deactivate.