On this page:
What is multi-factor authentication?
Multi-factor authentication (MFA), often referred to as Two-factor authentication (2FA), is an extra layer of security designed to be used alongside your username/email and password login. By adding another verification step to the login process, you can prevent an unauthorised user from accessing your account, even if they know your username/email and password.
How to setup MFA in BeanBox
- You’ll need your BeanBox email address and password. If you already login with email and password, then you’re all set. But if you currently only use Login with Xero, then you need to set a password for logging into BeanBox directly. Here’s how:
- Firstly, logout of BeanBox (Settings cog > Logout)
- On the login screen, click “I’ve lost my password”.
- Go through the password setup process.
- You can then proceed with setting up MFA on your account. (Note – Once you have set a password, you can choose to either login with Xero or login with your email address and password.)
- Next, you’ll need an authenticator app that generates temporary one-time passwords (TOTP). For example, Microsoft Authenticator, Google Authenticator, Authy, LastPass Authenticator or any other MFA app.
- In BeanBox, you can go to your My Account page and click the “Setup Multi-Factor Authentication (MFA)” button.
- You might need to login again to confirm your identity, using your email address and BeanBox password.
- Then click “Get Started”.
- Use your authenticator app and scan the QR code. Or alternatively, copy the code provided into your authenticator app.
- Click “Next” and enter the 6-digit code from your authenticator app.
- On the next screen, you’ll be shown MFA recovery codes.
Click “Copy codes” or “Download” to copy these to a safe place. If you lose your MFA device, or don’t have it with you when you need to login, you can use one of these codes instead of your MFA code to verify your login.
That’s it! You’re all setup.
If you choose Login with Xero we use Xero’s MFA to protect your account. If you instead use your email address and password on the BeanBox login screen, you’ll need your newly setup MFA codes to login.
I don’t have my MFA device. How do I login?
Login with Xero
Firstly, try logging in with Xero instead. (If you don’t have your MFA device for Xero, but have ticked “Trust this device” on the Xero login screen, you should be able to login).
Using One of Your Recovery Codes
If you don’t have your phone that has your MFA codes, you can use your recovery codes to login to BeanBox.
- When asked for the 6-digit code, instead click on “More Options”
- Click “Verify with recovery codes”
- Enter one of the recovery codes from your list. This will allow you to login. Each recovery code can only be used once, so after you’ve used it, delete it from your list. (If you’re close to running out of recovery codes, remove MFA from your account and then re-add it to generate a fresh list of recovery codes).
Don’t have your recovery codes?
If you don’t have your recovery codes, contact BeanBox support, specifying the email address you use to login, and ask for your MFA to be reset.
In order to protect your account, this will not be instant. We respond to these requests within 24 hours.
How to Remove MFA from your BeanBox Login
Go to your My Account page and click the “Remove MFA” button.
How to Ensure Other Team Members Are Using MFA
When you view your list of users on the Company Users page, there is a column that shows which users have MFA enabled on their login.
Note: The MFA enabled column shows whether users have enabled MFA directly within BeanBox. This is used when logging in with an email address and password. If users use Login with Xero, then they will have MFA enabled through Xero. For extra security, these users can also enable MFA directly through BeanBox.
