This article covers:
What is multi-factor authentication?
Multi-factor authentication (MFA) is a security measure requiring users to provide multiple verification forms before accessing an account or system. It combines something the user knows, like a password, with something they have or something they are, such as a fingerprint or randomly generated code. This enhances security by making it harder for unauthorised users to gain access.
Enabling MFA on your account
π‘ Please download your preferred authenticator app before enabling MFA on your account (such as Google Authenticator, 1Password or Microsoft Authenticator).
To enable MFA, log into your account and select Profile from the top right-hand drop-down menu:
Scroll down to the Multi-factor authentication section and select Enable:
From here, we will prompt you to link your account with your preferred authenticator app, such as Google Authenticator, 1Password or Microsoft Authenticator.
You can either scan the QR code using the app or manually enter the code displayed under the QR code. This will generate a code that you can enter in the box before selecting Continue:
We will then present you with your recovery codes, which you can either copy or download to save somewhere safe:
β οΈ Please be sure to save these codes in a safe place. If you lose access to your authenticator app, you won't be able to recover your account without them. You may lose your account if you lose recovery codes and we cannot verify you.
Once you have saved your backup codes, select the I've saved my recovery codes tickbox before selecting Confirm.
π‘ Please note that recovery codes are for one-time use only. You will not be able to use the same code more than once.
Disabling MFA on your account
You can disable MFA at any time. To do this, select Profile from the top right-hand drop-down menu:
Scroll down to the Multi-factor authentication section and select Disable:
Then Disable MFA to confirm:
Multi-factor Authentication FAQs
What happens if I lose my recovery codes but can still log in through MFA?
What happens if I lose my recovery codes but can still log in through MFA?
You currently cannot retrieve backup codes after you have set up MFA. You will need to regenerate them using the following steps:
Download the new recovery codes.
What happens if I get locked out of my account?
What happens if I get locked out of my account?
If you cannot access your account via an authentication app, you can use one of the recovery codes you downloaded when setting up MFA. This is why you must download and save your codes securely to recover your account.
Please contact our support team via live chat or email if you do not have a recovery code and cannot complete MFA via an authentication app. However, the account recovery/identity verification process is rigid, specifically for security reasons, and we cannot guarantee recovery.
What should I do if I lose access to my authenticator app/or when I get a new device?
What should I do if I lose access to my authenticator app/or when I get a new device?
If you lose your device or get a new one, you should be able to transfer your authenticator. The process varies based on the provider you are using:
Can I enforce that all team members on my account set up MFA?
Can I enforce that all team members on my account set up MFA?
You cannot do this at this stage. However, you can advise that they must enable MFA as part of their onboarding to Bookwhen.
What should I do about MFA if I need to change my email?
What should I do about MFA if I need to change my email?
Please follow the below steps if you need to change the email address you use to access Bookwhen:
Open your Profile > Multi-factor authentication > Disable MFA
Select your Account settings, then Team > Invite team member > Enter email address > Account owner role > Send invite
Accept the verification email sent to the provided address > Log in with the updated email
Open your Profile > Multi-factor authentication > Enable MFA > Save your recovery codes
I'm selling my business and will be transferring ownership of my Bookwhen account to a new owner using the same email to access Bookwhen
I'm selling my business and will be transferring ownership of my Bookwhen account to a new owner using the same email to access Bookwhen
If selling your business includes transferring the email account that you use to access Bookwhen, please follow the below steps:
On the day of the sale handover, the previous owner should disable MFA for the associated email by selecting Profile > MFA > Disable.
The new owner should select Forgot password when logging in using the associated email Bookwhen account and set a new password for Bookwhen.
Finally, the new owner can re-enable MFA using the associated email.
I'm selling my business and will be transferring ownership of my Bookwhen account to a new owner who will have a new email to access Bookwhen
I'm selling my business and will be transferring ownership of my Bookwhen account to a new owner who will have a new email to access Bookwhen
If you are selling your business to a new owner who intends on using a different email address to access Bookwhen, please follow the below steps:
Invite the person who is to be the new Account Owner to the account and ask them to set up MFA.
On the date of sale, the previous owner should disable MFA, and the new owner can remove the previous owner from the team page.
Do I have to authenticate every time I log in?
Do I have to authenticate every time I log in?
If you have MFA enabled on your account, you will need to authenticate each time you log in. However, if you select Remember me for 2 weeks, you will remain logged in on that device for 2 weeks, and we will not prompt you to authenticate during that time.
π‘ Please note: If you log out, use another device or clear your cache/cookies during this period, you must re-authenticate when you log in.
Will resetting the password for a shared account automatically log out any active sessions on other devices, preventing access by a former employee?
Will resetting the password for a shared account automatically log out any active sessions on other devices, preventing access by a former employee?
Yes, resetting the password will log out any active sessions on other devices, but only once the new password has been set using the "Set password" link from the email. However, requesting a password reset alone will not terminate any active sessions in other browsers or devices.
We recommend resetting the password and enabling multi-factor authentication (MFA) to ensure security, especially for shared accounts. This will help prevent unauthorised access, even if a previous session was active.
π¬ Any questions or feedback? There are two ways to get in touch:
For a quicker response, please contact us via live chat on our homepage or your account.
Or send us an email
Thank you! πΊ
Return to the top β¬οΈ
The Bookwhen team wrote this article. Whilst we can recommend external resources, we make no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability or completeness of any information on the mentioned sites. Whilst we regularly update our articles, some processes may have changed since it was written. Please double-check and contact the site directly for any queries.