Multi-factor authentication (MFA) is a security method that verifies a user's identity by utilising multiple factors. In addition to a password, MFA requires an additional form of identification. Since Expend users can only have one extra factor, we refer to this feature as two-factor authentication or 2FA for short.

2FA is now required for every customer. All users in your organisation will need to set up and use 2FA when they log in to Expend. Users can’t opt out of this process. Everyone will have to enter a verification code as part of the login process.

Expend offers an SMS-based one-time password (OTP) or a choice of authenticator applications that use a time-based one-time password (TOTP) as extra authentication factors.

All standard authenticator applications are supported. Examples of authenticator applications include Google Authenticator, Microsoft Authenticator, OneProtect, and Authy, among others.

Yes you can. On the web dashboard, go to to Me > User Security, and select the method you wish to use from the dropdown.

There is a “Don't ask me again on this device” feature included. When enabled, you will not be asked to enter a verification code.

If you are a member of multiple organisations and 2FA is enabled for any one of them, you will be asked to enter a verification code when you log into any of your Expend organisations.

When you first set up 2FA, you will be provided with a recovery code. Please store this recovery code securely. You can use it to reset your 2FA if you get locked out of your account.

If you lose the recovery code and you can’t reset 2FA, please get in touch with our support team. In order to reset your account, someone from our support team will liaise with admins of your organisation to securely verify your identity. Identification documents may need to be provided.