Summary

Multi-Factor Authentication (MFA) is a security process that requires users to verify their identity using multiple forms of authentication before gaining access to an account or system. This layered approach makes it significantly harder for cybercriminals to gain unauthorized access, even if one factor (like a password) is compromised.

MFA is essential in today’s digital landscape because passwords alone are often weak and vulnerable to attacks such as phishing, credential stuffing, and brute-force attempts. By implementing MFA, we can improve the security for our merchants accounts from unauthorized access while maintaining ease of use with modern authentication methods.

Processor

This will be enabled for use with the Portal first but will be expanded to be used with all logins into our system to increase security to sensitive information.

Brand	Available
Adyen	✅ (End of March 2025)
Stripe	✅ (End of March 2025)

<aside> 💡

Note: MFA has been rolled out to internal users as a preliminary test of the system.

</aside>

Process

The MFA process will only ask for authentication once every 12 hours for a user ID. Once you have gone through the authentication process it will not ask for authentication again for 12 hours.

<aside> 💡

Note: Currently the MFA is set up on a voluntary basis for internal personnel only.

</aside>

To turn on the MFA follow the steps below:

Log into the Portal (https://payments.quiltsoftware.com/login/).
On the upper right of the page you will see the drop down for 'Account'. Click on 'Account' and then your username to bring up the user profile.

Accessing your user profile.png

The option to enable and add a MFA will be located at the bottom of the user profile page.

User Profile page.png

Click on the ‘Add’ button either under the Manage Two-factor Authentication section to add an Authentication App or add a SMS-capable phone number.
When you click on 'Add' it will ask you to give the app a nickname or your mobile number.
- If you opted to use the app it will display a QR code to scan with your authentication app. This will link the portal to your app and to finish the setup it will have you validate the auth code on the app.
- If you opted to use the SMS option, the system will come up and ask for your phone number. It will then send an SMS message to that number and ask you to validate the code before it will become validated.

Once the MFA is set up, you will see a request just after you login to the Portal asking to use the MFA, App or SMS message. Select on one of them and it will request the code that is on your app or that was sent to your phone.

Code screen.png