By default, Elestio uses email-based MFA: each time you log in to Elestio, we send you an email with a one-time code that you enter in our UI to connect. This protection is in place to enforce security and prevent account hacking.
We also offer TOTP-based MFA. This is more secure because the codes are generated by an app installed on your phone instead of being sent by email, so even if your mailbox is compromised, your Elestio account will still be safe.
We recommend that all users use a TOTP generator. You can activate it in a few clicks from our dashboard > user profile > Security tab.
The process to activate TOTP MFA on your account:
- Open the account security tab here: https://dash.elest.io/account/security
- Click on the Configure MFA button
- Download an authenticator app: Authy (recommended), Google Authenticator or Microsoft Authenticator
- Open your authenticator app, then scan the QR code on the screen
- Generate a code with your app and enter it on the Elestio screen
- Click on Validate
Done. Strong MFA is now enabled on your account and will be required to log in to your Elestio account.
You should keep the text version somewhere safe (in orange in the screenshot). It will allow you to recover if you lose your phone or authenticator app.
If you have lost both your authenticator app and text secret, you can contact our support team with proof of identity to get MFA removed from your account.
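The following added example (not Elestio's code) shows why the text version is enough to recover and why it must be stored safely: the text secret alone reproduces every code the app would generate. It assumes the RFC 6238 defaults (HMAC-SHA1, 6 digits, 30-second step), which this page does not state, and uses the public RFC test key as a constructed sample secret.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Constructed sample: base32 of the RFC 4226/6238 test key "12345678901234567890".
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(text_secret: str) -> bytes:
    """Decode a base32 text secret as a user would retype it from a backup."""
    cleaned = text_secret.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore base32 padding if stripped
    return base64.b32decode(cleaned)


def totp(text_secret: str, at: Optional[float] = None,
         digits: int = 6, period: int = 30) -> str:
    """Compute the TOTP code for time `at` (assumed: SHA-1, 6 digits, 30 s)."""
    now = time.time() if at is None else at
    counter = max(0, int(now // period))  # number of elapsed time steps
    mac = hmac.new(decode_secret(text_secret),
                   struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(text_secret: str, code: str, at: Optional[float] = None,
           window: int = 1, period: int = 30) -> bool:
    """Server-side check: accept the current step plus/minus `window` steps
    of clock drift, comparing in constant time."""
    now = time.time() if at is None else at
    return any(
        hmac.compare_digest(totp(text_secret, now + step * period), code)
        for step in range(-window, window + 1)
    )


if __name__ == "__main__":
    # A replacement phone loaded with the saved text secret shows the same code.
    print("code on new device:", totp("gezd gnbv gy3t qojq gezd gnbv gy3t qojq"))
    print("code on old device:", totp(SAMPLE_SECRET))
```

Anyone who obtains the text secret can generate valid codes in the same way, so store it offline or in a password manager rather than in the mailbox that TOTP is meant to protect you from losing.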