Multi-Factor Authentication

 

CBSecurepass

Making electronic signing-in systems affordable

Multi-Factor Authentication (MFA)

End User Guide. How to Set Up and Use MFA

CBSecurepass Platform  |  Version 1.0  |  May 2026

 

 

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) adds a second layer of security to your CBSecurepass admin account. After entering your password, you also enter a 6-digit code from your smartphone. Even if someone knows your password, they cannot log in without your phone.

 

MFA is required for all admin users. If you see a verification screen after logging in, this guide will walk you through the process.

 

Step 1 — Sign In With Your Password

The login page looks exactly as before. Enter your username and password as usual.

 

Figure 1 — The CBSecurepass login page. Enter your Username and Password, then click Login.

 

1. Enter your Username and Password. These are your existing credentials.

2. Click the Login button.

3. If your credentials are correct and MFA is enabled, you will be taken to either the Setup page (first time) or the Verify page (subsequent logins).

 

 

Step 2 — Set Up Your Authenticator App (First Time Only)

This screen appears only once: the first time you log in after MFA is enabled, or after an administrator resets your MFA.

 

Figure 2 — The MFA Setup page. Follow the three numbered steps to link your authenticator app to your account.

 

Before You Start: Install an Authenticator App

Download one of these free apps on your smartphone before beginning setup:

- Google Authenticator, available on Android and iOS (App Store / Google Play)

- Microsoft Authenticator, available on Android and iOS

- Authy, available on Android, iOS, and desktop

 

Setup Instructions

1. Install the authenticator app on your phone from your app store.

2. Open the app and tap + or Add account, then choose Scan a QR code.

3. Point your phone camera at the QR code displayed on the Setup page. The account is added automatically.

4. If you cannot scan, tap Enter a setup key in the app and type the code shown under the QR code on screen (e.g. PMEI 4XZL PEKR…). Select Time-based as the account type.

5. Enter the 6-digit code shown in your app into the verification field on the Setup page.

6. Click Confirm & Enable MFA. Setup is complete.

 

TIP: The code in your app refreshes every 30 seconds. If it changes while you are typing, use the new code; both the previous and current codes are accepted to allow for minor time differences.

 

Step 3 — Save Your Backup Codes

Immediately after setup, you will see 8 one-time backup codes. These are shown only once and cannot be retrieved again.

 

Figure 3 — The Backup Codes page. Save all 8 codes before clicking Continue to Dashboard.

 

1. Click Copy All to copy all 8 codes to your clipboard, then paste them into a password manager or secure note.

2. Or click Print to print the codes and store the printed copy in a locked drawer.

3. Tick the checkbox "I have saved my backup codes in a safe location."

4. Click Continue to Dashboard.

 

WARNING: Each backup code can only be used once. Once all 8 codes are used, you must contact your administrator to reset MFA and generate new codes. These codes are your only way in if you lose your phone.

 

Step 4 — Verify Your Identity on Every Login

After the first setup, this screen appears every time you log in after entering your password.

 

Figure 4 — The Multi-Factor Verification page. Open your authenticator app and enter the 6-digit code shown for CBSecurepass.

 

1. Open your authenticator app on your phone.

2. Find the CBSecurepass entry. A 6-digit code is shown with a countdown timer.

3. Type the 6-digit code into the Authentication Code field. The form submits automatically when all 6 digits are entered.

4. You are now logged into the dashboard.

 

Using a Backup Code Instead

If you do not have your phone, enter one of your 8-character backup codes (e.g. 42A9-33B5) in the same field instead of the 6-digit code. The backup code is removed from your list after use.

LOCKED OUT? After 5 incorrect codes, your account is locked for 15 minutes. If you cannot wait, ask your administrator to unlock your account from the MFA Status page.

 

Administrator Guide — Managing User MFA

Administrators can view, reset, and unlock MFA for any user from two places in the system.

 

Figure 5 — The MFA Status overview page. Shows enrollment status, last verified time, and action buttons for every user.

 

Accessing the MFA Status Page

From the User List page, click the shield icon in the toolbar to open the MFA Status overview. This page shows the MFA status of every user at a glance with summary counts at the top.

 

Figure 6 — The MFA Status overview page shield icon.

 

 

Status Badge Reference

| Badge | Meaning | Action Required |
| --- | --- | --- |
| Enrolled (green) | User has set up MFA and it is active | None |
| Not Enrolled (red) | User has never set up MFA | User must log in — they will be prompted to set up automatically |
| Reset Pending (yellow) | Admin has reset MFA — user must re-enrol | User must log in to re-enrol |
| Locked Out (red) | Too many failed code attempts (5+) | Click Unlock button, or wait 15 minutes |

 

Admin Actions

| Action | Button | What It Does |
| --- | --- | --- |
| Edit User | Pencil icon | Opens the Manage User page — MFA panel is visible in the User Info tab |
| Unlock Account | Lock icon (yellow) | Clears the MFA lockout immediately — user can try again right away |
| Reset MFA | Refresh icon (red) | Removes the user's TOTP secret. On next login, they must re-enrol and will receive 8 new backup codes |

 

WHEN TO RESET MFA: Reset when a user gets a new phone, when a user is locked out with no backup codes, or when a user suspects their authenticator has been compromised.

Frequently Asked Questions

I got a new phone. How do I set up MFA again?

Ask your administrator to reset your MFA from the MFA Status page. On your next login, you will be taken through the setup process again with a new QR code and 8 new backup codes.

My 6-digit code is being rejected. What should I do?

1. Check the timer. If the code is about to expire, wait for the new code and try again.

2. Check your phone's date and time. Go to Settings and ensure "Set automatically" is enabled. TOTP codes are time-based and fail if your clock is wrong.

3. Try a backup code. Enter one of your 8-character backup codes instead.

4. If still failing, ask your administrator to reset your MFA.

I have no phone and no backup codes. How do I log in?

Contact your administrator. They can reset your MFA from the admin panel, which will allow you to set up a new authenticator app on your next login.

My account says Locked Out. What happened?

Your account is temporarily locked because 5 incorrect codes were entered in a row. The lockout clears automatically after 15 minutes, or an administrator can unlock it immediately from the MFA Status page.
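
For administrators who want to see why a code is accepted, rejected, or locked out, the sketch below models the rules this guide states: a 6-digit code per 30-second step, the current and previous codes accepted, and a 15-minute lock after 5 wrong codes in a row. It is an added illustration, not CBSecurepass code; the function and class names, the HMAC-SHA1 choice (the RFC 6238 default), and the sample secret are assumptions.

```python
import base64, hashlib, hmac, struct

STEP, DIGITS = 30, 6                 # from the guide: 6-digit code, 30-second refresh
MAX_FAILS, LOCK_SECS = 5, 15 * 60    # from the guide: 5 wrong codes, 15-minute lockout
# Constructed sample secret (the published RFC 6238 test key), not a real account.
DEMO_SECRET = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

def totp(setup_key, now, offset=0):
    """RFC 6238 code for the 30-second step `offset` steps away from `now`.
    HMAC-SHA1 is assumed here; it is the RFC 6238 default."""
    key = base64.b32decode(setup_key.replace(" ", "").upper())
    counter = int(now) // STEP + offset
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F                                  # dynamic truncation
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class MfaVerifier:
    """Hypothetical server-side check; class and method names are illustrative."""
    def __init__(self, setup_key):
        self.key, self.fails, self.locked_until = setup_key, 0, 0.0

    def verify(self, code, now):
        if now < self.locked_until:
            return "locked"                               # even a correct code must wait
        # Accept the current step and the one before it, nothing else.
        for offset in (0, -1):
            expected = totp(self.key, now, offset)
            if hmac.compare_digest(code.encode(), expected.encode()):
                self.fails = 0
                return "ok"
        self.fails += 1
        if self.fails >= MAX_FAILS:                       # fifth miss in a row
            self.fails, self.locked_until = 0, now + LOCK_SECS
            return "locked"
        return "rejected"

if __name__ == "__main__":
    server_now = 125                                      # constructed timestamps
    v = MfaVerifier(DEMO_SECRET)
    print(v.verify(totp(DEMO_SECRET, server_now), server_now))        # phone in sync
    print(v.verify(totp(DEMO_SECRET, server_now - 30), server_now))   # code just rolled over
    print(v.verify(totp(DEMO_SECRET, server_now - 90), server_now))   # phone clock 90 s slow
```

The third call is rejected because a phone running 90 seconds behind shows a code three steps old, which is outside the two-code window and is why the "Set automatically" clock setting matters.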

Is MFA required on the local / development version?

No. The system administrator can disable MFA for local instances by setting EnableMFA = False in the Web.config file. When disabled, login works exactly as it did before MFA was added.

I used all 8 backup codes. What do I do?

Ask your administrator to reset your MFA. This clears your old TOTP setup. On next login, you will go through setup again and receive 8 new backup codes.

Can I use the same authenticator app for multiple accounts?

Yes. Authenticator apps like Google Authenticator and Microsoft Authenticator support multiple accounts. Each account shows separately with its own 6-digit code.
