What is Two-Factor Authentication (2FA)?
Multi-factor authentication (MFA) is a security method that verifies a user's identity by utilising multiple factors. In addition to a password, MFA requires an additional form of identification. Since Expend users can only have one extra factor, we refer to this feature as two-factor authentication or 2FA for short.
Will 2FA be available for my organisation?
2FA is available to every customer, at no extra cost. All admins in your organisation have the ability to enable or disable it.
Once enabled, all users in your organisation will be required to set up and use 2FA when they log in to Expend. Users can’t opt out of this process. If 2FA is enabled for your organisation, everyone will have to enter a verification code as part of the login process.
How do I enable 2FA for my organisation?
Log in to the Expend web dashboard.
In the sidebar, go to Settings > Company Security
Turn on the “Enforce 2FA for all users” setting.
Do I have a choice of authentication factors?
Expend offers an SMS-based one-time password (OTP) or a choice of authenticator applications that use a time-based one-time password (TOTP) as extra authentication factors.
Which authenticator applications do you support?
All standard authenticator applications are supported. Examples of authenticator applications include Google Authenticator, Microsoft Authenticator, OneProtect, and Authy, among others.
Can I change my 2FA method?
Yes you can. On the web dashboard, go to to Me > User Security, and select the method you wish to use from the dropdown.
When 2FA is enabled, do I have to authenticate my account every time I log into Expend?
There is a “Don't ask me again on this device” feature included. When enabled, you will not be asked to enter a verification code.
If you are a member of multiple organisations and 2FA is enabled for any one of them, you will be asked to enter a verification code when you log into any of your Expend organisations.
What happens if I lock myself out of the authentication process?
When you first set up 2FA, you will be provided with a recovery code. Please store this recovery code securely. You can use it to reset your 2FA if you get locked out of your account.
Will I be able to recover my account if I lose my recovery code?
If you lose the recovery code and you can’t reset 2FA, please get in touch with our support team. In order to reset your account, someone from our support team will liaise with admins of your organisation to securely verify your identity. Identification documents may need to be provided.