Knowledge Base

Neto By Maropost

Multi-Factor Authentication (MFA)

Note: PCI Compliance requires that you have at least the MFA or 90-day password expiry policy enabled. So, if you want to opt out of the 90-day password expiry policy, then you must enable MFA, and thereafter, you can choose to enable or disable the password expiry policy.

Install an Authenticator App

Multi factor authentication uses an authenticator app on your phone to verify your identity when you log into your control panel. The authenticator app generates a code during set up, and again when you log in, to ensure that no one else can access your staff user account but you.

We recommend the below free authenticator apps:

Google authenticator (Android/iOS)
Microsoft authenticator (Android/iOS)
Duo Mobile (Android/iOS)

Warning: Once MFA is set up do not delete the app from your phone. Deactivate MFA in your control panel before deleting the app.

Set up MFA

MFA is set up per staff user account in your control panel using the authenticator app. To set up MFA on your account:

In your Maropost Commerce control panel hover over your username in the top right of the page, and click Manage account and password.
Click the Enable MFA button.
In the pop-up window:
- Scan the QR code with your authenticator app.
- Enter your control panel password.
- Enter the code provided in your authenticator app.
Tip: If the code is about to expire, wait until a new one is generated. A new code is generated approximately every 30 seconds.
Click the Enable button before the code changes. Copy the recovery code to a safe place. If you lose access to your phone or the authenticator app, the recovery code is a single-use way to access your account again.

Tip: Click the Disable MFA button on the Manage account and password page to turn MFA off.

Set up MFA (for Partners)

MFA is set up per partner account in the partner portal using an authenticator app. To set up MFA on your account:

Log into the Partner Portal.
In the main menu navigate to Access > Manage MFA.
Click the Enable MFA button.
In the pop-up window:
- Scan the QR code with your authenticator app.
- Enter your control panel password.
- Enter the code provided in your authenticator app.
Tip: If the code is about to expire, wait until a new one is generated. A new code is generated approximately every 30 seconds.
Click the Enable button before the code changes. Copy the recovery code to a safe place. If you lose access to your phone or the authenticator app, the recovery code is a single use way to access your account again.

Tip: Click the Disable MFA button on the Manage MFA page to turn MFA off.

Log In Using MFA

When MFA is enabled on your account there is an additional verification step to log into the control panel:

Enter your username and password into the control panel login page as per usual.
Check your authentication app, and enter the code into your control panel.
Select the Remember this device for 30 days and you won’t need to use the authenticator again for 30 days.

Note: To remember your device you must have cookies enabled.
Click the Log in button.

You’re now logged into your control panel.