From version 6.2, PageSeeder supports Multifactor authentication (MFA). MFA adds an extra layer of protection by requiring two different ways to verify you're really you when signing in.
PageSeeder administrators can decide which authenticators are available to you, but they cannot create or manage authenticators on behalf of users, except for the email authenticator.
This article explains the different authentication methods available and how to set them up.
An authenticator is a security tool that verifies your identity beyond only your password. Think of it as a second “key” to your account. These can be:
You'll set up your chosen authenticators in your Security settings and password page. Before an authenticator can be used, you'll need to verify it works correctly by following a few steps.
Will I need to use MFA every time I sign in?
Yes, when MFA is enabled, you'll need to verify your identity with a second factor each time you sign in.
What happens if I lose access to my authenticator?
This is why setting up multiple authenticators and backup codes is recommended. If you lose access to all your authentication methods, contact your PageSeeder administrator.
Which authenticator is most secure?
Security keys and authenticator apps generally provide the highest security because they're less vulnerable to interception than email or SMS codes.
What happens if the wrong code is entered multiple times?
If you repeatedly enter incorrect authentication codes, your authenticator is temporarily disabled as a security measure to protect your account.
When this happens, you need to use an alternative authentication method (if available on your account). If you have no other authentication methods configured, you need to contact your PageSeeder administrator who can create an alternative method.
The following describes the different types of authenticators supported by PageSeeder.
The email authenticator sends a temporary security code to your email address.
Registration process – Select the Send code by email option in your security settings. Your current account email is automatically used by default, but you can opt to use a different email address.
Verification process – You'll receive a verification code by email. Enter this code to confirm ownership of the email address.
Sign-in process – When signing in, you'll receive a case-insensitive 6-character code that is valid for a few minutes. Enter this code in the prompt to complete authentication.
Administrators can create this authenticator on behalf of users using their current email address if MFA is enabled, but they are unable to use other authenticators. There is no need to verify the email authenticator in this case.
The SMS authenticator sends a temporary security code to a verified phone number.
Registration process –Select the Send code by SMS in your security settings and enter your phone number.
Verification process – You'll receive a verification code by SMS. Enter this code to confirm ownership of your phone number.
Sign-in process –When signing in, you'll receive a 6-digit code by SMS that is valid for a few minutes. Enter this code to complete authentication.
This authenticator is disabled by default as it requires a subscription to an SMS service.
An authenticator app shares a secret with an app like Google Authenticator, Microsoft Authenticator or Authy. They are also called Time-based One-Time Password (TOTP) authenticators because they frequently generate new codes based on the shared secret and the current time.
Registration process – Select the Authenticator app option in your security settings and select your app. PageSeeder displays a QR code.
Verification process – Scan the QR code with your authenticator app, which then displays a 6-digit code. Enter this code in PageSeeder to verify the setup is working correctly.
Sign-in process – When signing in, open your authenticator app and enter the current 6-digit code displayed to complete authentication.
This authenticator is based on enabling authentication using security keys, biometrics, or your mobile device.
Registration process – Select the Device or security key option in your security settings. Select Security key, Built-in device authenticator or Another device. Your browser prompts you to register a security key or biometric factor.
Verification process – The verification happens during registration when you confirm the security key or biometric method works.
Sign-in process – When signing in, you'll be prompted to use your security key, fingerprint, facial recognition, or other registered WebAuthn method to authenticate instantly.
PageSeeder only supports this mechanism as a second factor and not for passwordless authentication.
Backup codes provide an emergency access method when other authenticators are unavailable.
Registration process – Select the backup codes option in your security settings. PageSeeder generates a set of 10 single-use codes for you.
Verification process – Unlike other authenticators, backup codes don't require verification. They're automatically activated when generated.
Sign-in process – When signing in, select the backup code option and enter one of your unused codes. Each code can only be used once, after which it becomes invalid.
Store backup codes securely in a password manager or other safe location. If all codes are used up, users can generate a new set in their security settings, but this invalidates any remaining unused codes.
The PageSeeder user manual
© Allette Systems (Australia)