Today, multi-factor authentication (MFA) is widely used by businesses online and continues to be one of the simplest and most secure ways to access your work.

Lightspeed uses MFA to add an extra layer of security to a user's account to prevent unauthorized access. Using MFA reduces the risk of fraud and identity theft, and it protects businesses from attacks that may compromise data.

MFA requires the user to input their existing password. Then, with a second authentication factor enabled, they will enter a time-based, one-time (OTP/TOTP), six-digit passcode generated by an authorized third-party authentication application that expires after 30 seconds.

Recommended authenticator apps

Lightspeed recommends using Google Authenticator, Microsoft Authenticator, or OneLogin Protect.

Setting up MFA for users

MFA first needs to be set up by each user in the Lightspeed app’s settings.

1. Navigate to Employee settings by clicking on the user name in the sidebar navigation.

   

2. Select Manage MFA Settings.

   

3. Next, select Enable to get started.

   

4. Ensure you are setting up MFA for the desired logged in user. Download Google Authenticator or Microsoft Authenticator on your mobile device, or select the link to see a list of supported authenticator apps to choose from.

5. In the authenticator app, scan the QR code to pair your mobile device, and then enter the code provided by the authenticator app. Then click Pair device.

6. Ensure you’ve saved your provided recovery codes somewhere safe. Then click I saved my codes.
   

   

7. Once finished with the setup, authentication details and factors appear on the main MFA page. You can Pause/Resume MFA or Remove authentication methods as you wish.

   

Logging into Lightspeed products with MFA

Once MFA is set up for the user, the authentication code for login is found in any supported authenticator app, chosen by the user during setup.

As a user, here’s how it works:

1. Log in to a supported product with your username and password.

   

2. Open your chosen authenticator app. In this example, we’re using OneLogin Protect.

   

3. Enter the 6-digit code displayed from the authenticator app. Sometimes it automatically copies on your mobile device, depending on your personal settings. (This one is just an example.)

   

4. Now you are logged in securely to your Lightspeed app.

Using recovery codes with MFA

Recovery codes are the primary resource for account recovery should an account holder lose access to their authorized device or access to the authentication app. The first avenue for recovering an account with two-factor authentication enabled is using the recovery codes you saved during the setup process. Ensure these are saved in a secure location that can be accessed by only the account holder when required.

There are 3 codes in total, and each can be used only one time. Once a code is used, it is no longer valid, and you'll need to use another code on the list next time. When they’re all used, you can click the link in MFA settings to generate new codes.

Removing an authentication factor

In the event that you have lost access to your authenticator app, you can remove an authentication factor in the MFA settings page once you've logged in using an authentication code or with a recovery code.

To remove an authentication factor:

1. Navigate to the Employee settings > Manage MFA settings.
   
2. For the authentication app you wish to remove, select the trash icon.
   
3. Next, select Remove on the Remove only additional authentication method? modal.
   

Once the authentication factor has been removed, you can reconfigure your MFA by setting up a new authenticator app. Refer to the Setting up MFA for users section of this article for more information.

What's next?