Creating a Virtual MFA Device

Multi-factor authentication (MFA) is a security control with which a user is granted access only after suc­cessfully providing evidence to an authentication device. A virtual MFA device uses a software application to generate an authentication code. You can create one virtual MFA device per Wasabi account or user.

Before you get started, note that you must have access to the hardware that will host the virtual MFA device (application). For example, if the MFA will be used with a virtual MFA application on a smart phone, you must have access to the smart phone when creating the virtual MFA device.

  1. Click Settings on the Wasabi menu and open the MFA Settings drop-down.

  2. Wasabi displays a QR code graphic and secret key. (The QR code graphic is an image of the secret key.) For example:

  3. mfa_settings.png 

    You can use the Refresh refresh.png button to change the QR code and secret key.

       Important:   Save a copy of the secret key in a secure place. You can click notepad_1.png to copy it to the clipboard. If you lose the MFA device or need to reinstall the MFA software application, you can reconfigure it using the same virtual MFA without creating a new virtual MFA.

       Note:   Timing is important for the following steps, so you may want to review the remainder of this procedure before proceeding.

  4. Open the virtual MFA application (such as on the smart phone). If applicable, choose the option to create a new account (a new virtual MFA device).

  5. Use the device camera (such as the smart phone camera) to scan the QR code graphic.

  6. Or, Enter the secret key, where appropriate, in the MFA application.

  7. When a one-time password appears in the MFA application, enter this password in the Wasabi area labeled, “Authentication Code 1.”

  8.    Important:   Enter this code in Wasabi immediately after you receive it because it is time-based and will expire quickly.

  9. After approximately 30 seconds, the device will generate a second one-time password. Enter this password in the Wasabi area labeled, “Authentication Code 2.” (Enter it immediately because it, too, is time-based and will expire.)