The following instructions will guide you to set up multi-factor authentication (MFA) on your Phish Insight account.


TABLE OF CONTENTS

How to setup MFA in your Phish Insight account.

  1. Click on your name in the upper right corner of your screen, then click the pencil icon.
  2.  Click the Security tabNote: If you use your CLP account, the MFA setup will not be available.
  3. Click the Setup button and enter your Phish Insight account password then click Verify
  4. Once verified, click Next
  5. Scan the QR code with your selected authentication app, then enter the unique 6-digit code provided by the app, then click Next. Example screenshot from your phone’s authenticator app after scanning the QR code.
  6. After you click Next, Phish Insight will generate a set of recovery keys. You should save these on a cloud drive or in a password manager before clicking Finish.
  7. If the MFA setup is successful, the name of your authentication app will appear on the screen, and you will receive an email notification.

This is an example of an email notification you will receive.

How to set up a backup email.

  1. On the Security tab page, click the backup email setubutton and enter your Phish Insight account password then click Verify.
  2. After you click verify, input your backup email address and click Next. Note: This email address needs to be different from the email address you use to sign in and also needs to be from your verified domains.
  3. Input the verification code that was sent to your backup email and click Verify button.
  4. If the backup email is successfully set up, this status will be displayed.

How to remove the setup in MFA and backup email.

  1. On the Security tab page, click the Remove button in the MFA and Backup email section.
  2. Enter your Phish Insight account password then click Verify button.
  3. If MFA and backup email are successfully removed, this status will be displayed and you will receive an email notificationNote: Please remove your account in your authentication app after removing the MFA.

How to login with MFA.

  1. To access Phish Insight using MFA, enter your username and password and click the Sign in button.
  2. You will then need to enter the verification code that is displayed on your authentication app . Click the Verify button after entering the 6-digit code.

How to use the Recovery key.

  1. If you cannot access your mobile device to retrieve the six digit code, Click the Can't access your mobile device link and select Use recovery key.
  2. Enter at least one of the recovery keys you were given when you set up your MFA and click Verify.

How to use Email recovery.

  1. If you cannot access your mobile device to retrieve the six digit code, click can't access your mobile device and select verify by backup email.
  2. Input the recovery key that was sent to your backup email account and click the Verify button.

How to regenerate Recovery key

  1. On the Security tab page, click New recovery keys button in the MFA section.
  2. Enter your Phish Insight account password then click Verify.
  3. Click Next.
  4. After you click nextPhish Insight will regenerate a new set of recovery keys. You should save these on a cloud drive or in a password manager before clicking Finish. Note: Your old recovery keys are no longer valid.

FAQs about MFA.

Please see this article for further information related to setting up MFA on Phish Insight.