Getting Started with Solo
      Back to home
      1. Solo Help Center
      2. Getting Started with Solo

      MFA Recovery Code Update

      We're making some improvements to MFA to make it more secure. Removing the current MFA method is susceptible to social engineering. A bad actor could call Solo Support and ask for their MFA method to be reset/removed. Then the bad actor logs into the Solo App and sets a new MFA method, resulting in the bad actor taking over the user account. We recently launched recovery codes that users can save and use to access their account in the case that their MFA method is not accessible. Users will be prompted to save the recovery codes on a regular basis and when their account is initially created. Users will also be able to reset their MFA method themselves in their account profile.

      Feature Notes: 

      • New users are prompted to set up their MFA recovery code upon logging into their Solo account for the first time.
      • Existing users can generate a recovery code via the “Generate New Recovery Code” button on the user profile page under the user details.
      • Users that have not set up the MFA recovery method will be prompted to set up their MFA recovery codes when logging into the Solo app.
      • Users that have set up the MFA recovery method will be prompted every 30 days to review and update their recovery settings. If confirmed or dismissed, they will be reminded in 30 days to review the recovery settings. 

       

      Q: What is an MFA recovery code?

      A: A recovery code is a unique code, generated by Auth0, allowing a user to regain account access. In the event that they cannot use their designated MFA method due to connectivity or delivery issues, they can use a recovery code to authenticate.

      Q: Are users required to use the MFA recovery code? 

      A: No, MFA recovery code is not required however, users will be prompted on a regular basis to verify they have or generate a recovery code when logging in to the Solo app. It is strongly recommended to securely store and use in the event the user’s MFA methods are inaccessible.

      Q: How do I change it or reset the MFA recovery code?

      A: In the Solo App in your user profile, you may generate a new MFA recovery code below the user details. Each time a new recovery code is generated, it will invalidate the old code.

      Q: My work provides my laptop and my account for SOLO. So, when I store the recovery code, it will be on a drive that they have access to. How do I keep it safe if they can access it? 

      A: SOLO recommends that you store your recovery code in a safe place, such as your personal cloud storage or other personal device. If the recovery code is stored on a shared device, it’s possible that another individual could use your recovery code to access your Solo App account and circumvent MFA. 

      Q: How does an MFA recovery code work? 

      When using MFA recovery code,

      1. A user starts MFA enrollment.

      2. Auth0 generates a recovery code.

      3. During MFA enrollment the user is shown the recovery code prompt.

      4. The user saves the recovery code and completes the enrollment process.

      5. Now the user can complete MFA with the recovery code they saved if they lose access to their device or account they enrolled for MFA.

      Redirect to the step-by-step article here!


      Q: I can’t login to the Solo App and my MFA method is not accessible. What should I do? 

      A: If you are temporarily unable to use or do not have access to the normal MFA method, log in by entering your recovery  code after the username and password.

      Q: What if I lose the recovery code? 

      A: If you do not have the MFA recovery code and cannot login to the Solo app, contact your account manager or support.