This guide explains how to set up Multi‑Factor Authentication (MFA) using a Time‑based One‑Time Password (TOTP) authenticator app. Most authenticator apps are supported (for example, Microsoft Authenticator, Google Authenticator, Bitwarden).
What is MFA (TOTP)?
MFA adds a second check at sign‑in. After your password, you confirm your identity with a short‑lived numeric code generated by an authenticator app (TOTP). Codes typically refresh every 30 seconds and work offline.
Benefits at a glance:
- Protects your account even if your password is compromised
- Short‑lived codes reduce the attack window
- Works with widely available authenticator apps
When you’ll be asked to set up MFA
- From Account Settings: You can enable MFA proactively at any time.
- On login (enforced): If any company your account can access requires MFA and you haven’t set it up yet, you must complete setup before continuing.
What you need
- A mobile device or desktop running a TOTP authenticator app (e.g., Microsoft Authenticator, Google Authenticator, Bitwarden, 1Password, Authy).
- Access to your ChainTraced MFA setup screen (from Account Settings or during enforced login).
Set up MFA (recommended path: scan QR code)
- Open your authenticator app and choose Add account (or the + icon).
- Select Scan QR code.
- Point the camera at the QR code shown on the ChainTraced MFA setup page.
- Enter the 6‑digit code from the app into the Passcode field in ChainTraced and submit to enable MFA.
Alternative: set up by entering the secret key
- In your authenticator app, choose Enter a setup key / Manual entry.
- Copy the secret key displayed below the QR code on the ChainTraced setup page and paste it into your app.
- Confirm the app is set to Time‑based (TOTP) and 6‑digit codes.
- Enter the generated 6‑digit code in ChainTraced and submit to enable MFA.
Having trouble scanning? Increase screen brightness, move closer, or switch to manual entry using the secret key. Ensure your device time is set to automatic so TOTP codes stay in sync.
What happens after enabling MFA
- You’ll be logged out and must sign in again using your password and an authenticator code.
- Each future login requires a fresh code from your authenticator app.
How to use MFA at sign‑in
- Sign in with your username and password.
- Open your authenticator app and read the current 6‑digit code for your ChainTraced account.
- Enter the code to complete sign‑in. If the code fails, wait for the next 30‑second rotation and try again.
Reset or move your MFA
- You still have the current authenticator: Go to Account Settings and choose Reset MFA, then follow the same setup steps to bind a new device (for example, when changing phones).
- You lost access to your authenticator: Contact support to request an MFA reset. For security, we may require additional verification from someone in your organisation.
We do not issue recovery codes. This reduces the risk of recovery-code leakage, but makes secure ownership verification essential for support‑assisted resets.
Troubleshooting
- Invalid code every time: Ensure your device date/time is automatic. TOTP relies on accurate time sync.
  - For example: if you have set your device to another time, the login process is likely to fail.
- Can’t scan the QR code: Use the manual secret key entry.
- Multiple devices: You can scan the same QR code with multiple authenticators during setup if you want backup devices. Keep them secure.
Security best practices
- Lock your authenticator app and device with a passcode or biometric.
- Do not share screenshots or the secret key for your MFA entry.
- Consider adding MFA to your email account as well, since email compromise can lead to account takeover via password reset.