2-factor authentication (2FA) / Multifactor Authentication (MFA) is MANDATORY for all Huntress accounts.
We're enforcing 2FA to enhance the security of our platform and our partners. Relying on just a strong password is not always enough to protect you. With 2FA, a compromise of your password will not grant access to your Huntress account. So, even if your password is taken or your phone is missing, it is unlikely that someone else will have access to both factors.
Opt-out / disable enforced MFA
Multi-factor authentication cannot natively be turned off. On a case-by-case basis, the Huntress Team can disable enforcement of 2FA/MFA if needed.
Enforced MFA FAQ
I already use Duo but I'm (we're) being prompted to set up a TOTP/OTAP method. Did I do something wrong?
At this time, even if you have Duo, Huntress will prompt you to set up a TOTP/OTAP method. In these cases, we're recommending that our Partners add the additional method to their Duo App.
I have 2FA/MFA at my SAML provider already. Do we still have to set up MFA in Huntress?
Yes, at least for now. At the moment we cannot verify that there is MFA at the email of an IdP, and we also don't currently have the ability to disable local Huntress logins (using an email and password). Disabling of local logins with SSO enabled is coming.