We recommend that all Claimable users enable Multi-Factor Authentication (MFA) to maximise the security of your account.
What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) is an additional security measure used to verify that the person logging into your Claimable account is really you!
Besides your password, it adds another layer of security and helps protect your Claimable account from unauthorised access. When logging in, if we need confirmation that it's really you, we'll prompt you for a security code.
You can obtain the security code by using an authenticator app on your mobile phone or by receiving a text message, depending on your preference.
Once you've provided the correct code, you won't be asked again for a while, unless something significant changes such as the computer/device you are using or your location.
Enabling Multi-Factor Authentication
You can enable Multi-Factor Authentication from the Password & Login tab under Settings, which you can access from the menu in the top right corner and clicking "Edit Profile".
On the Multi-Factor Authentication section you can enable different verification methods by clicking the "Turn On" button next to each.
The available verification methods are:
Authenticator App | Generate a login code via a mobile authenticator app such as Google Authenticator, Authy or LastPass. |
Text Message (SMS) | Receive a login code via text message to your mobile phone. |
One-Time Recovery Code | For emergencies, such as losing your phone or getting locked out, we'll issue you with a one-time recovery code automatically. |
Authenticator App
To enable the Authenticator App MFA method follow the steps on the MFA setup page, starting by (1) scanning the QR code using your authenticator app of choice.
Use your authenticator app to (2) generate a verification code and enter it to verify that everything is working ok.
Once verified, we'll issue you with a One-Time Recovery Code. You'll need this if you ever loose your phone or get locked out of your Claimable account. It will be visible for 10 mins, after which point it will be hidden for security purposes.
As the final step to enable MFA, (3) stash your code somewhere safe and check the "I have saved my One-Time Recovery Code" box, then click "Finish".
Text Message (SMS)
To enable the Text Message (SMS) MFA method follow the steps on the MFA setup page, starting by (1) entering your mobile phone number.
When you receive the code (2) enter it into the "Code" field to verify everything is working ok.
If you already have a One-Time Recovery Code, you won't need another, otherwise we'll issue you one as the final step.
To complete setup, (3) check the "I have saved my One-Time Recovery Code" box, then click "Finish", to confirm that you have stored your One-Time Recovery Code.
One-Time Recovery Code
A One-Time Recovery Code will be issued automatically when you configure either the Authenticator App or Text Message (SMS) method. However, if you ever need to reset your One-Time Recovery Code you can do so by clicking the "Reset" button.
You can only have one valid recovery code at a time, so issuing a new one will replace any previous recovery code you have stored.
Note: One-Time recovery codes are like passwords. Therefore, please store the code in a secure place and treat it like you would a password, by applying the highest level of security. For example, you could store it in a secure password manager such as LastPass or 1Password. Or print a physical copy and keep it in a safe, hidden location, preferably away from your computer.
Resetting Multi-Factor Authentication
If you need to reset MFA, for example when you're switching phones or if you have a new phone number, you'll need to reset your MFA configuration.
You can reset MFA methods by clicking the "Reset" button on the Password & Login tab.
This will remove the existing setup and initiate a new MFA configuration process. Follow the steps described above to enable the new MFA method.
Disabling Multi-Factor Authentication
Once enabled, we advise against disabling Multi-Factor Authentication because it adds an important layer of security to your account.
However, if you need to disable MFA for any reason, you can do so by clicking the "turn off" button.
Logging in with Multi-Factor Authentication
Once MFA is enabled on your account, we will prompt you for a login code from time-to-time when we require additional verification that it's really you.
If you have configured more than one MFA method on your account, you can switch to an alternative method during the login process. This might be useful if there is a problem with your authenticator app or you are unable to receive text messages, for example.
If you have no way to generate a login code, such as losing or changing your mobile device or phone number, you can use your One-Time Recovery Code to satisfy the MFA requirement at login.
Once you've used a recovery code to login, it can be discarded and a new one will be issued. You should make a note of the new code right away, in case you need it again in the future.
Your new recovery code replaces the previous code that you used to login.
Note: One-Time recovery codes are like passwords. Therefore, please store the code in a secure place and treat it like you would a password, by applying the highest level of security. For example, you could store it in a secure password manager such as LastPass or 1Password. Or print a physical copy and keep it in a safe, hidden location, preferably away from your computer.