MFA Overview

Multi-Factor Authentication (MFA) adds a layer of security by requiring users to provide a second form of verification in addition to their password.

How It Works

  1. User logs in with username and password
  2. System prompts for 2FA code
  3. User enters code from authenticator app
  4. System verifies code and grants access

TOTP (Time-based One-Time Password)

This application uses TOTP, a standard algorithm that generates 6-digit codes that change every 30 seconds. The codes are generated by an authenticator app on the user's phone.
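The code generation and server-side check described above, as an added example (not this application's or ASP.NET Core Identity's own code). It implements RFC 6238 with HMAC-SHA1; the function names, the one-step drift tolerance and the replay check via `last_used_step` are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # code lifetime stated on this page
DIGITS = 6          # code length stated on this page


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP using HMAC-SHA1, the RFC's default hash."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret: bytes, code: str, unix_time: int,
           last_used_step: int = -1, drift_steps: int = 1):
    """Return the matched time step, or None if the code is rejected.

    drift_steps=1 tolerates one step of clock skew either way (assumption).
    Steps at or before last_used_step are refused, so a code that was
    already accepted cannot be replayed inside its validity window.
    """
    current = unix_time // STEP_SECONDS
    matched = None
    for step in range(max(0, current - drift_steps), current + drift_steps + 1):
        candidate = totp(secret, step * STEP_SECONDS)
        # Constant-time comparison; every step is always evaluated so timing
        # does not reveal which step matched.
        same = hmac.compare_digest(candidate.encode(), code.encode())
        if same and step > last_used_step:
            matched = step
    return matched


def secret_from_base32(text: str) -> bytes:
    """Decode the Base32 key an authenticator app displays or scans."""
    text = text.replace(" ", "").upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))
```

A caller would persist the returned step per user and pass it back as `last_used_step` on the next login attempt.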

Configuration

MFA is enabled by default when ASP.NET Core Identity is configured. Each user can then enable it for their own account in their account settings.

Recovery Codes

When users enable MFA, they receive recovery codes. Each recovery code can be used once to sign in if the user loses access to their authenticator app.

Important: Advise users to store their recovery codes in a secure location separate from their authenticator device.