Guide to Setting Up Multi-Factor Authentication (MFA) with Authenticator Apps
Purpose: This guide walks you through enabling Multi-Factor Authentication (MFA) using a time-based one-time password (TOTP) authenticator app for stronger account security.
What You’ll Need
Your account username and password
A smartphone with an authenticator app (e.g., Microsoft Authenticator, Google Authenticator, 1Password, Authy)
Stable internet connection
Overview
The Idaho Surplus Line Association Broker portal requires Multi-factor Authentication (MFA). MFA adds a second verification step in addition to your password. You’ll pair your account with an authenticator app by scanning a QR code or entering a setup key, then confirm with a one-time code.
Step-by-Step: Log In and Set Up MFA
Sign in with your username and password.
When prompted to set up Multi-Factor Authentication (MFA), open your authenticator app on your mobile device.
Add a new account in your authenticator app, then choose one of the following methods:
Scan the QR code: Use your phone’s camera within the authenticator app to scan the QR code displayed on the screen.
Enter the setup key manually: If scanning isn’t possible, type the key shown below the QR code into the app (ensure you select the correct time-based option).
Follow your authenticator app’s prompts to generate a verification code.
Enter the current 6-digit code from the app into the verification field on the setup page to complete MFA pairing.
Verification Tips
Codes refresh every 30 seconds; enter the latest code before it changes.
Ensure your phone’s time is set to automatic for accurate code generation.
If the QR code won’t scan, increase screen brightness or switch to the manual key entry method.
Once completed, your account is protected by MFA. On future sign-ins, you’ll enter your password and then a fresh code from your authenticator app.
Security Best Practices
Do not share your setup key or verification codes with anyone.
Consider adding a backup authenticator device (e.g., a secondary phone or password manager TOTP) where permitted.
Store any provided recovery codes in a secure password manager.
Troubleshooting
Code not accepted: Wait for the next code and try again; verify automatic time sync on your device.
Can’t scan QR: Use manual key entry and confirm the type is time-based (TOTP).
Lost device: Contact your administrator or support to reset MFA. Include your account email and note that MFA reset is required.
