Multi-Factor Authentication (MFA) adds an extra layer of security to your account during the login process to prevent someone who isn’t you from accessing it, even if they have your password.
When MFA is enabled, a secondary temporary code is needed when logging in to the Punchh Platform, which only you will have access to receive. That temporary code is created by a 3rd party authentication app, like Google Authenticator or Twilio Authy.
How do I enable Multi-Factor Authentication (MFA)?
Step 1. Download one of the two free authorized applications below based on the device you have.
iOS Device (Apple App Store): https://apps.apple.com/us/app/google-authenticator/id388497605
Android Device (Google Play Store): https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_US&gl=US
iOS Device (Apple App Store): https://apps.apple.com/us/app/twilio-authy/id494168017
Android Device (Google Play): https://play.google.com/store/apps/details?id=com.authy.authy&hl=en_US&gl=US
Step 2. Follow the instructions within the authenticator app you have chosen to begin the setup process.
(Screenshots from Twilio Authy)
The String of numbers shown below is your security token.
This token expires once the count down completes and will refresh with a new number. This is a continuous process to ensure your account stays secure!
Note. If you sign up with SMS, you'll want to "Allow Notifications". This ensures you receive an alert when the code arrives through text message.
Step 4. Login into the Punchh platform using your account credentials and access your account settings page.
When you first login, you will be brought to your dashboard landing page. A link to enable MFA will show at the top like below. This link will take you to your account settings.
If you do not see the link above, you can access your account settings by clicking on the circle with your initials at the top right hand corner of your screen. A drop down will appear and you will click on "Edit Profile".
Step 5. Enable Multi-Factor Authentication (MFA).
Scroll to the bottom of your account settings page and click on the "Enroll for Multi Factor Authentication" button shown below:
You will then be directed to the following page:
The QR code highlighted is important for the next step.
Step 6. Add your Account.
You will have two options to verify:
- Scan QR Code: Use this option to scan the QR code with your device's camera. This pops up within the authenticator app.
- Enter key manually: Use this option to manually type in the security token code generated in the authenticator app on your device. Once code is typed into the field, you will then click the "Enable MFA" button.
Once that process is completed, you will receive the following message at the top left of the same page indicating success! You are now enrolled in Multi-Factor Authentication (MFA).
How do I set up MFA if I do not have a smartphone to use?
If you are unable to download either of these apps to a smartphone then there are desktop options as well. The desktop client for Authy can be downloaded from the link below, or there are google chrome extensions available to be used with Google Authenticator.
Authy Desktop App - https://authy.com/download/