Multi-Factor Authentication

Multi-factor authentication (MFA) protects your account, even if your password is compromised.

Why MFA?

With MFA, attackers need:

1. Your password AND
2. Access to your smartphone

Without both, login is impossible.

Set Up MFA

Requirements

• Smartphone with authenticator app
• Recommended: Google Authenticator, Authy, Microsoft Authenticator

Step by Step

1. Open Settings Go to Settings > Security

2. Activate MFA Click Set up MFA

3. Open Authenticator App Open your authenticator app on your smartphone

4. Scan QR Code Scan the displayed QR code

5. Enter Code Enter the 6-digit code from the app

6. Done MFA is now active

Login with MFA

For each login:

1. Enter email and password
2. Enter 6-digit code from authenticator app
3. Log in

Enter Code

The code changes every 30 seconds. Enter the current code. If it doesn't work, wait for the next one.

Backup Codes

When setting up MFA, you receive backup codes:

• 10 one-time codes
• In case you lose your smartphone
• Each code works only once

Store Backup Codes Safely

• Print and store securely
• Save in a password manager
• NOT on the smartphone

Disable MFA

If you need to disable MFA:

1. Go to Settings > Security
2. Click Disable MFA
3. Confirm with your current MFA code

⚠️ Warning: Without MFA, your account is less protected.

Lost Device?

If you lose your smartphone:

1. Use a backup code to log in
2. Disable MFA in settings
3. Set up MFA again with the new device

No Backup Codes?

Contact our support:

• Email: support@corvalis.de
• Proof of identity required

Best Practices

• ✅ Activate MFA for all team members
• ✅ Store backup codes safely
• ✅ Set up authenticator app on new device before deleting the old one
• ❌ Save QR code screenshots
• ❌ Store backup codes digitally on the same device