Two-Factor Authentication (2FA, sometimes referred as Multi-factor Authentication, or MFA) is an increasing requirement in modern applications to provide maximum security to your account.

Applications may require one of the following 'factors' - something you know, something you have, or something you are.

inmydata security supports two of the above factors by means of a password (something you know), and a one-time pass code (something you have).

We insist that administrative users implement 2FA on their user accounts to strengthen the security of their data.  Passwords on their own do not offer strong security, due to use of weak passwords and frequent password re-use.

We cannot enforce 2FA if you are using an external login provider (such as Microsoft or Google), however we strongly recommend that 2FA is enabled in your provider's account if you are using it to log in to inmydata.

To obtain pass codes, you will need to install an authenticator app, on your mobile phone or computer.  Popular apps are Google Authenticator and Authy, with many more available.

When setting up 2FA, you will be given a code (via the QR Code, or the "copy key to clipboard" button).  We strongly advise that you back-up, or keep a copy, of this code.  If you lose access to your authenticator app and don't have a copy of the code, you will need another administrator to disable 2FA on your user account; for this reason, we also recommend having more than one administrator.

Follow the instructions in your authenticator app to add your inmydata account.  If asked for an account name, enter your inmydata username.  The code is time-based and has six digits.  The app should then begin generating pass codes.  Enter two successive pass codes from your app in to the fields provided on the inmydata 2FA screen.  Once verified, click 'Enable 2FA'.

If you have 2FA enabled when using our password reset feature, enter the passcode from your authenticator app, otherwise use the code sent in an SMS to your phone.