How to setup Multi-Factor Authentication (MFA) ?

At KOR, the security of our platform and your data is our top priority, so we continuously invest in new tools and features to keep your data safe, including your passwords. Even the strongest passwords can be compromised and used by an attacker – which is why we invested in security controls that prevent you from using weak or compromised passwords.

One of the best ways to protect your account from a breached or bad password is by having a second form of verification in place, which is another way for your account to confirm it is really you logging in.  KOR has implemented Multi-Factor Authentication (MFA) to confirm it’s really you by providing a one-time-password or code when you log in to our applications.

Setting up MFA

Setting up MFA is part of the signup process. When a new user is created by an admin of your organization (see our article on managing users) the user receives a mail with his temporary password to login to the applications. 

After the user logs in and completes the next step by setting his/her preferred new password, he/she will have to link his/her preferred authenticator app on the MFA Setup page. 

Steps:

  1. First, specify the name of your authenticator app (this name is only used as a hint for a next login in the future)
  2. Next, use the authenticator app to scan the QR code (or copy the secret shown below if for some reason you can't use the QR code).

    ⚠️ If an algorithm / method is requested in your authenticator app please specify "time-based".
  3. Now copy the generated code from your authenticator app and enter it in the code field

Authenticating with MFA

Next time you as a user login you will have to provide your time-based one-time-password using your coupled authenticator application.

Steps:

  1. First, login with your email/password combination.
  2. Open your authenticator application and enter the generated code
  3. Optionally, choose to remember the device as trusted environment. This will result in less required 2 step authentications on subsequent logins.

    ⚠️ Do not select this option if you are authenticating on a public / shared computer. 

Forget device

If you did however select the remember the device as a trusted environment on a public / shared computer, or if you simply want to clean up your environment, you can always forget the device when explicitly logging out of the application.

Steps:

  1. Navigate to the bottom left section of the page and click "Logout"
  2. Make sure the checkbox to "Forget this device as trusted environment" is checked
  3. Click "Confirm" to end your session

Supported Authenticator apps

Supported on both iOS and Android devices:
Other Authenticator apps might work but have not been tested by KOR.