- 25 Jun 2024
Multi-Factor Authentication (MFA) Settings
- Updated on 25 Jun 2024
What is an MFA?
A login password is the first level of security for your Wasabi account. However, a system password can be compromised. Multi-factor authentication (MFA) offers additional security control. A virtual MFA device uses a software application to generate an authentication code. Account access is granted only after a user successfully provides this code—as identity evidence—on an authentication device, such as a smartphone.
You can create one virtual MFA device per Wasabi account or user.
Prerequisites for All Users
MFA can be set up in several ways:
- A Root account user can set up MFA by following the instructions below.
- A Root account user can set up MFA for a sub-user by:
  - Clicking Users on the Wasabi menu.
  - Clicking the name of a specific sub-user.
  - Clicking MFA Settings.
  - Following the instructions below. (Repeat these steps for each sub-user.)
- A sub-user can set up MFA by following the directions below if:
  - The sub-user has full access to the Wasabi Console as described in the Policies section of Reviewing Details and Editing an Existing User.
  - The Root account user has provided permissions via a policy as described in Defining a Policy for Sub-Users to Change Passwords and Enable MFA.
Creating a Virtual MFA Device
Before you get started, you must have access to the device that will host the virtual MFA application. For example, if the MFA will provide a code in a smartphone application, you must have access to the smartphone application when creating the virtual MFA device.
1. Click Settings on the Wasabi menu. Or, open the account sign-in drop-down and click Settings.
2. Open the Security Settings drop-down. The MFA Settings option is displayed with a secret key and a QR code graphic, which is an image of the secret key.
   You can use the Refresh button to change the QR code and secret key.
   Save a copy of the secret key in a secure place. You can click to copy it to the clipboard. If you lose the MFA device or need to reinstall the MFA software application, you can reconfigure it using the same virtual MFA without creating a new virtual MFA.
3. You can opt to generate recovery codes. This allows you to access your account in the event that you lose your authentication device. To acquire recovery codes, turn on the Recovery Codes toggle prior to setting up MFA. Alternatively, you may opt to reset your MFA to be able to acquire recovery codes when you re-enable MFA.
   Timing is important for the following steps, so you may want to review the remainder of this procedure before proceeding.
4. Open the virtual MFA application (such as on the smartphone). If applicable, choose the option to create a new account (a new virtual MFA device).
5. Scan the QR code graphic (such as by using your smartphone camera). Or, enter the secret key, where appropriate, in the MFA application.
6. When a one-time password appears in the MFA application, enter this password in the Wasabi area labeled "Authentication Code 1." Enter this code in Wasabi immediately after you receive it because it is time-based and will expire quickly.
7. After approximately 30 seconds, the device will generate a second one-time password. Enter this password in the Wasabi area labeled "Authentication Code 2." (Enter it immediately because it, too, is time-based and will expire.)
8. Click Activate Virtual MFA.
9. If you enabled MFA recovery codes (Step 3 above), continue with the instructions below.
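Why the two authentication codes in the procedure above are time-sensitive, shown as an added example that is not Wasabi's code: it derives time-based one-time passwords from a secret key and checks that two codes come from consecutive 30-second windows. It assumes the common RFC 6238 defaults (HMAC-SHA1, 30-second step, 6 digits), which this page does not state; `totp`, `verify_enrollment` and `DEMO_SECRET` are hypothetical names.

```python
import base64, hashlib, hmac, struct

STEP = 30    # seconds per code; assumed RFC 6238 default, not stated on this page
DIGITS = 6   # assumed code length
# Constructed sample: the published RFC 6238 test key, not a real account secret.
DEMO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32: str, unix_time: int) -> str:
    """Code an authenticator app would show at unix_time (HMAC-SHA1 TOTP)."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", unix_time // STEP)   # 30-second step number
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify_enrollment(secret_b32, code1, code2, server_time, drift_steps=1):
    """Hypothetical server-side check: code1 and code2 must come from two
    consecutive time steps near the server clock. Returns the step of code2,
    or None when the pair is stale, reordered, or repeated."""
    now = server_time // STEP
    for step2 in range(now - drift_steps, now + drift_steps + 1):
        ok1 = hmac.compare_digest(totp(secret_b32, (step2 - 1) * STEP), code1)
        ok2 = hmac.compare_digest(totp(secret_b32, step2 * STEP), code2)
        if ok1 and ok2:   # both compared in constant time before deciding
            return step2
    return None

if __name__ == "__main__":
    t = 1111111111   # timestamp taken from the RFC 6238 test vectors
    first, second = totp(DEMO_SECRET, t - STEP), totp(DEMO_SECRET, t)
    print("Authentication Code 1:", first)
    print("Authentication Code 2:", second)
    print("accepted at step:", verify_enrollment(DEMO_SECRET, first, second, t))
    print("same code twice:", verify_enrollment(DEMO_SECRET, first, first, t))
```

Because every code is a function of the secret key and the clock alone, anyone holding a copy of the secret key can produce valid codes, which is why the key saved in Step 2 needs the same protection as a password.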
Using MFA Recovery Codes
If you enabled MFA recovery codes, a window similar to the following is displayed.
Signing In With an MFA Code
When you have enabled MFA, the MFA Code area appears on the Wasabi Sign In page. Enter the code displayed on your virtual MFA device.
If you need to recover using a code, click Recovery Options on the Sign In panel. Then enter one of the recovery codes.
Deactivating an MFA Device
Once an MFA device is activated, you will see this screen when you click MFA Settings under Security Settings.
To deactivate the device:
- Click Deactivate MFA Device.
- A screen is displayed indicating that an MFA code (newly generated or recovery code) is required to disable MFA. This provides an extra layer of protection for Wasabi's MFA feature. Enter an authentication code OR a recovery code.
- Click Deactivate.