Multi-Factor Authentication (MFA) is a security technology that requires multiple methods of authentication to verify a user's identity for a login or other transaction. Multi-Factor Authentication combines two or more independent credentials: what the user knows, such as a password; what the user has, such as a security token; and what the user is, by using biometric verification methods. The goal of MFA is to create a layered defense that makes it more difficult for an unauthorized person to access a target, such as a computing device, network or database. If one factor is compromised or broken, the attacker still has at least one or more barriers to breach before successfully breaking into the target.
A common method to implement MFA is the use of smartphone OTP (One-Time Password) apps. Examples of OTP apps are Google Authenticator and Authy, both available on iOS and Android. Once installed and set up, these apps provide a temporary 6-digit numeric code that expires every 30 seconds or so. The user would then enter the code given by the OTP app, in addition to the usual user and password credentials, as part of the login process. Once a temporary code is expired, the OTP app automatically creates a new one. Users should always use the most recent OTP codes for a successful login.
Punchh enables MFA for admin users in order to deter unauthorized access to the Punchh platform. For this reason, Punchh requires admin users to use a smartphone OTP app in order to login to the Punchh platform, in addition to the usual user and password credentials. Note that Punchh does NOT send out OTP codes through email or SMS, as other websites might do. Punchh exclusively makes use of smartphone OTP app for MFA login.
If an admin user needs help setting up MFA in their account, or has lost/replaced the mobile device where they had the OTP app installed, she/he can contact Punchh Support for assistance in resetting the MFA in their account and reconfigure their OTP mobile app again.
In an effort to supply information as quickly as possible, this article has been published prior to a formal technical review, and is subject to factual, grammatical, and various structural errors. Data may be incomplete, misordered, or incorrect.
This additional disclaimer will be removed upon formal review of this article. The standard Punchh Inc. KB Disclaimer still applies, and can be found at: https://support.punchh.com/hc/en-us/articles/360040100273-Punchh-Inc-Knowledge-Base-Disclaimer
If further assistance is required, submit a ticket to Punchh Support. (For help submitting a ticket, click here)