SecureSign MFA Setup — Add Extra Protection
Learn how to enable and manage multi-factor authentication to protect your SecureSign account against unauthorized access.
Why MFA matters
Passwords can be leaked, guessed, or reused — MFA adds a second layer that dramatically reduces account takeover risk. SecureSign supports multiple MFA methods so users can choose what fits their needs while administrators enforce organization-level policies.
Authenticator apps (recommended)
Use TOTP authenticator apps like Google Authenticator, Authy, or Microsoft Authenticator. Scan the QR code in your account security settings, save your backup codes offline, and register a secondary method to avoid lockout. Authenticator apps are resilient and don’t depend on network connectivity.
Push MFA
Push-based approvals offer one-tap sign-in and contextual information (device, location, application). Review the push notification carefully and only approve requests you initiated. Push MFA is fast and user-friendly while still offering high assurance.
Hardware security keys
For the highest security, register FIDO2-compliant hardware keys. These keys use public-key cryptography so authentication cannot be phished. Ideal for administrators, high-value accounts, and regulated industries.
Recovery planning
Always store recovery codes offline and register at least two methods. If you lose access to your primary device, follow the recovery flow that involves verified contacts and email confirmations. For enterprise users, admin-assisted recovery is available with audit trails.