MFA Reset Policy

Sometimes you need a new phone. Ideally your current one will be replaced by something newer and better, but sometimes we know that's not the case. Whether it slipped from your hand while fishing and is sitting at the bottom of the lake, or just fell out of your pocket into the toilet, we all know that you don't always have the opportunity to migrate to a new phone gracefully. Because of this, it's necessary to prepare for that possibility, by allowing for a secure way to transfer your MFA code to a new device. We have 2 options, listed in order of convenience. 

 

Option 1 - MFA Backup Codes

When initially configuring MFA for a user account, you are required to view your MFA backup codes. Ideally, you will have stored those codes securely, and can use one of them at the MFA prompt during login. This will allow you to login one time per code, so you should immediately go to the "Profile" button in the top right corner, and delete your existing MFA device and create a new one. See this article for more details. Of course if you had easy access to these codes, you probably wouldn't be reading this article, which leads us to...

 

Option 2 - Request from another authenticated user

When your account was created, the partner agreement was signed by an authorized officer at your company, and they had the option after signing to designate a technical point of contact. Either of these users are allowed to request that MFA be reset for any user at the Partner or Company level, provided they can verify their identity sufficiently. There are 3 ways to do this:

  • Option 2.1 By logging into the Servosity Control Panel with their own account, and clicking the "Support" link at the top of the page, they can see a support code, which they can provide our team in order to authenticate themselves.
  • Option 2.2 If neither of these users are able to login to their account to view their support code, they may verify their identity by providing the last 4 digits and expiration date of the credit card on file.
  • Option 2.3 If the billing information cannot be verified, there is a last resort option, but for security reasons we do not publish it to prevent attempts at social engineering the process. If you would like to know this final method, please contact our support department at 800-429-0500 option 2, and we will disclose it to you over the phone.

If all attempts at identity verification fail, our support team will be unable to request an MFA removal, and the request will need to be escalated to our management team in order to make secure arrangements for this necessary but sometimes abused process.

If you have any questions or concerns, please contact our support department at support@servosity.com and we'll be glad to address them with you.