What is Multi-Factor Authentication (MFA)?
For a long time, users were authenticated with only a username and password. This is not a very secure method, since usernames are often easy to discover or, as in this case, are simply an e-mail address.
Very often people also tend to pick simple passwords or use the same password at many different sites, which could present a security vulnerability.
Multi-Factor Authentication is an authentication method that requires users to provide two or more verification factors to log in successfully.
There are four different types of authentication factors:
- Something you know: This could be a password, a PIN or answer to a security question.
- Something you have: This could be a physical token, such as a smart card or USB security key, or a virtual token generated by an authenticator app on a user’s smartphone. These virtual tokens are called One-Time Passwords (OTPs) or Time-Based One-Time Passwords (TOTPs).
- Something you are: Biometric information, such as a fingerprint, facial recognition or iris scan.
- Somewhere you are: The geographic location. Some apps and services are only accessible to users located within a specific geographic location. This particular authentication factor is frequently used in “zero-trust security” environments.
Currently, only TOTPs are supported as an additional factor.
This additional layer of authentication ensures that even when a password is compromised, the attacker cannot gain access without the second/additional factor(s).
For this reason MFA can significantly improve security.
Why is MFA useful?
- Enhanced Security: MFA makes it more difficult for attackers to use stolen or compromised passwords.
- Reduced Risk of Phishing attacks: MFA requires an additional form of verification, reducing the effectiveness of phishing attacks that rely on password theft.
- Compliance with regulations: Some organizations must comply with regulations that require MFA.
How to enable MFA for your Graphisoft ID?
Multi-Factor Authentication can be enabled on a user level. To do so, follow these steps:
- Log in with your Graphisoft ID and go to your Personal profile page.
- Click on Login / Edit, then Multi-Factor Authentication / Change.
(You can reach the MFA configuration page directly with this link too: https://id.graphisoft.com/user/configure/totp)
- Scan the QR code or use the manual configuration key and follow the instructions in your authenticator app.
- Enter two consecutive authentication codes, then click Activate to enable MFA for your Graphisoft ID.
How to disable MFA for a Graphisoft ID?
Multi-Factor Authentication can be disabled on a user level. To do so, follow these steps:
- Log in with your Graphisoft ID and go to your Personal profile page.
- Click on Login / Edit, then Multi-Factor Authentication / Change.
(You can reach the MFA configuration page directly with this link too: https://id.graphisoft.com/user/configure/totp)
- Enter an authentication code and click Deactivate to disable MFA for your Graphisoft ID.
- After the deactivation of MFA, you are informed by e-mail.
- Remove the account from your authenticator app. (If you want to reactivate it, you must re-register the account in the authenticator app.)
Multi-Factor Authentication can also be disabled by the Administrator and Contract Manager. To do so, please follow these steps:
- Log in with the Administrator’s/Contract Manager’s Graphisoft ID and go to the Members overview on the Company Management Portal.
- The Members overview provides information about the users, including their MFA status.
- Search for the user, open the dropdown menu in the MFA column and select Deactivate.
- Confirm the deactivation of MFA for this user by clicking Deactivate in the following dialog.
- The Administrator/Contract Manager does not need an authentication code to disable MFA for users.
- After the deactivation of MFA, the user is informed by e-mail.
- Remove the account from the user’s authenticator app after MFA has been deactivated. (If they want to reactivate it, they must re-register the account in the authenticator app.)