Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Two-Factor (2FA) / Multi-factor (MFA), Backup Codes
Environment: Huntress.IO management portal
Summary: Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) can be recovered through the use of unique, user specific Backup Codes or Recovery Links sent by account administrators.
When two-factor authentication is enabled on an account the user will be presented with backup codes, in case they ever lose access to their 2FA device. If these backup codes are lost, a recovery link must be sent to the user by an Administrator. Once the user can log in, steps will need to be taken to re-enable 2FA.
Note for Resellers: Resellers cannot reset MFA for their customers (child accounts). Please reach out to support to have the MFA reset.
In this article
1Backup codes
2Sending the recovery link
3Resetting 2FA
Backup codes
Backup codes are generated for users when two-factor authentication is enabled. Users are encouraged to put them in a secure place that is backed up (ie: secure password manager) when going through the setup process. They are also instructed to click a button indicating, "I've saved these backup codes."
Sending the recovery link
If a user has lost their token they can simply enter one of the one-time-user backup codes when prompted and proceed to reset their two-factor authentication themselves. The user will need to follow the Resetting Two-factor Authentication instructions.
It happens to the best of us. A user gets a new phone, didn't have a backup, and their two-factor authentication token is gone and they cannot login to dozens of services. If only they had saved their backup codes, right?
To combat this administrators of a Huntress account can send a recovery link to a user in need. The administrator simply needs to log in, click the three-lines menu in the upper-right corner of the Huntress portal and select the "Users" option.
Find the locked out user in the list and click the life ring icon under the "2FA" column of the user list.
This will bring up a box confirming the action. Click "Email Recovery Link" and the user will receive instructions on how to reset their two-factor authentication.
WARNING: If you have lost your two-factor token AND the backup codes for the ONLY admin in your organization you will need to open a support ticket with Huntress and verify your identity to regain access to your account. This can cause delays when accessing your account and we highly encourage you to store your backup codes in a suitable secure location.
Resetting 2FA
When a user is sent a recovery link, the 2FA method that was being used is automatically disabled for the user account. If the user does not re-enable the 2FA method, they will be required to use backup codes every time they log in. See the resetting two-factor authentication article for instructions.