Below are some frequently asked questions about MFA. To set up MFA, please see this article.
Q: What is multi-factor authentication (MFA)?
A: In addition to your username and password, multi-factor authentication (MFA), also known as two-factor authentication (2FA), adds another layer of security to your account that requires you to provide an additional piece of information to verify that it’s really you. This usually comes in the form of biometric information, or a security code generated by a software-based authenticator on your phone or another physical device.
At CyberGRX, our MFA solution uses software-based authenticators. We recommend using a second device, like your phone, for added security.
Q: Why use MFA?
A: With reported data breaches becoming more and more common, ensuring that your data is safe is more important than ever.
MFA helps ensure that you are logging in with the correct login screen and not one set up by a phishing scheme. Simply knowing an account’s username and password isn’t enough for an attacker to gain access to the account. Lastly, MFA security codes are only valid for a short period of time, giving attackers much less time to attempt gaining access.
While we do offer the option to opt out of MFA, we highly recommend enabling it on your account for extra security.
Q: How does it work?
A: When you enable MFA on your account, you will be given a QR code to scan using your preferred authenticator app on your smartphone. Once you have MFA enabled, in addition to logging in with your username and password, you must also provide a one-time 6-digit code generated by your authenticator to be granted access to your account.
Q: What is an authenticator app?
A: Authenticators help you manage and generate MFA/2FA security codes for different applications. There are many options available for iOS and Android, including LastPass Authenticator, Google Authenticator, Microsoft Authenticator, and Authy.
When you set up MFA on your CyberGRX account, you may use any authenticator app of your choice.
Q: How long are security codes valid?
A: Each code is valid for 30 seconds. Once a code expires, a new one will be generated in your authenticator app.
Q: Does CyberGRX provide support for authenticator apps?
A: While you may use any authenticator app of your choice to scan the QR code, CyberGRX does not provide official support for authenticator apps. Please contact the respective company for technical support issues with these apps.
If you are having trouble logging into your account with a valid security code, please contact us at support@cybergrx.com, and we will help you reset your account.
Q: Why aren’t there any SMS-based authentication options?
A: The National Institute of Standards and Technology (NIST) has determined that SMS-based MFA/2FA is not as secure and advises using physical tokens or software-based authenticators instead. SMS is particularly vulnerable to SIM swapping or SMS interception. CyberGRX has evaluated the different options available to us and determined that providing MFA/2FA using software-based authenticators is the most flexible and user-friendly option for our customers.
Q: I entered the security code from my authenticator app and I got a message saying "wrong code provided."
A: You may have entered a security code just before it expired. Each code is valid for 30 seconds. Once a code expires, a new one will be generated in your authenticator app. Authenticator apps usually show a countdown timer indicating how long the code is valid before the next one is generated.
If you are still having trouble logging into your account with a valid security code, please contact us at support@cybergrx.com, and we will help you reset your account.
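The 30-second validity and the "wrong code provided" case above can be reproduced with the following added example, which is not CyberGRX's code. It assumes the authenticator app generates codes with the standard TOTP algorithm (RFC 6238, HMAC-SHA1, 6 digits, 30-second step); the secret is the RFC's public test value, and the `drift_windows` tolerance is a hypothetical server setting that this page does not describe.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid, as stated on this page
DIGITS = 6   # code length, as stated on this page


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 (assumed algorithm, see lead-in)."""
    counter = unix_time // step  # index of the current 30-second window
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F      # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def seconds_left(unix_time: int, step: int = STEP) -> int:
    """Remaining lifetime of the current code (the app's countdown timer)."""
    return step - (unix_time % step)


def verify(secret: bytes, submitted: str, server_time: int, drift_windows: int = 0) -> bool:
    """Accept the current window's code, plus neighbouring windows if allowed.

    drift_windows is a hypothetical tolerance for clock drift and slow typing;
    each extra window also lengthens the time a captured code stays usable.
    """
    for delta in range(-drift_windows, drift_windows + 1):
        expected = totp(secret, server_time + delta * STEP)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return True
    return False


# Constructed sample: the public RFC 6238 test secret, not a real account secret.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    read_at = 59                                  # code read with 1 second left
    code = totp(SECRET, read_at)
    print(code, seconds_left(read_at))
    print(verify(SECRET, code, server_time=59))   # submitted in time
    print(verify(SECRET, code, server_time=61))   # arrives after the rollover
    print(verify(SECRET, code, server_time=61, drift_windows=1))
```

A code read at second 59 is rejected at second 61 because the server has moved on to the next window, which is the situation the answer above describes.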
Q: I lost my phone / MFA device. What do I do?
A: Please contact us at support@cybergrx.com, and we will help you reset your account. Once we verify that it’s really you, you will be able to set up your new device.
Q: What are CyberGRX's password requirements?
A: Here are our password requirements:
- One number
- One lowercase letter
- One uppercase letter
- One special character: ^ $ * . [ ] { } ( ) ? " ! @ # % & / \ , > < ' : ; | _ ~ ` -
- 12 characters minimum
Q: I changed my name or email address.
A: Please contact us at support@cybergrx.com, and let us know what has changed.
Q: We have added new people to my team.
A: If your company has an administrative user (generally, your company’s primary point of contact for CyberGRX), they can add new people to your team on the Manage my company user accounts page, located in the drop-down menu at the top right corner of their account. Each new user will receive an invitation email to log in for the first time.
Your company account's administrator (a.k.a. your company's Primary Point of Contact for CyberGRX) can also add new users to your team if you are having trouble.
Q: How can I disable MFA upon login?
A: If you would like to disable MFA at any time, you may do so through the Security Settings page. This page can be accessed by clicking your initials in the top right corner.