Email Verification is a simple multi-factor option that emails the user a one-time code to sign in. While this meets requirements of many multi-factor compliance regulations, it is not as secure as a time based token.
Go to System Settings > System Features, and enable Multi-Factor Authentication Mode for Admins or for All Users
βThen choose the Authenticator App Verification
3. The next time a user logs in, they will see a screen similar to the following:
β
4. Then going forward they will be asked for a code to login which they can get from their phone
5. If a user forgets their town, an admin can reset it in the same screen used to reset a password. (Applicants > Search > Tools)
β
6. If you are an admin and forgot your own token, another admin or OpenWater support can reset it for you
Now when admins login, they'll be greeted with the usual admin login page. If they select "remember me," then they will not be asked to complete the MFA Challenge again for 2 weeks. This is on a sliding expiration, so if an admin logs in again in that 2 week period, then the timer will be reset to be 2 weeks again from that point. Another important consideration is that this is cookie based, so if you clear your cookies, it will remove your pre-authorization.