Skip to main content
All CollectionsAccounts
Enable multi-factor authentication (MFA, also known as two-factor authentication or 2FA) for added security
Enable multi-factor authentication (MFA, also known as two-factor authentication or 2FA) for added security

How to turn on multi-factor (MFA) / two-factor (2FA) authentication for users, consignors and vendors.

Shandara Hart avatar
Written by Shandara Hart
Updated over 3 months ago

Multi-factor authentication (MFA), also known as two-factor authentication or 2FA, improves security and reduces the risk of unauthorized access to an account by requiring the user to provide two forms of identification in order to access their account: a password and an authenticator code.

  • Password: A a string of characters used to verify the identity of a user in order to access Ricochet. Click HERE to learn more about creating or changing passwords.

  • Authenticator OTP: Authenticator applications (i.e., Google Authenticator) generate a time-based, one-time passcode (OTP), typically six to eight digits long, refreshing approximately every 30 seconds.

2FA can be turned on per user rather than for all users, so you can be selective with who needs a bit of extra security when logging in. For example, because administrators have full access to everything, they may benefit from added protection.


How To Turn On Two-Factor Authentication (2FA):

In Ricochet,

  1. Click Accounts

  2. Click the account type, i.e., Consignors or Users

  3. Click the edit pencil icon to the right of who needs updating

    Under the Details tab,

  4. Toggle ON 2FA

  5. Click Update


Logging In With 2FA For The First Time

From A Web Browser, expand arrow

  1. Go to your store's website or unique Ricochet URL, for example: https://yourstore.ricoconsign.com/login-do not click fake link-

  2. Enter Username (typically your email address)

  3. Enter Password

  4. Click Login

    NOTE: If you don't remember your password, click the "Forgot your password?" reset link.

    On your mobile device,

  5. Open your Authenticator App

  6. Select to Scan a QR code

  7. Reference the code generated on your browser

    *Authenticator views may vary depending on phone and app type.

    In the Ricochet Authentication pop up,

  8. Input the Authentication code from your app

  9. Click Verify

! IMPORTANT !

10. Copy, download, screenshot, or write down 'Your Recovery Codes' *This is important in case you lose your device with your authenticator or are switching to a new device or authenticator.

11. Click I have saved the codes

Now that you have saved your codes and accessed your account with 2FA, going forward, you will enter your username and password and, when prompted, reference your authenticator app to input the code that generates for your store. Authentication is required approximately every 30 days, or in the event you clear your cookies or get a new device.

From An iPad, expand arrow

  1. Open Ricochet POS app

    Verify that you're logging into the correct store name

  2. Enter Username (typically your email address)

  3. Enter Password

  4. Tap Sign In

    NOTE: If you don't remember your password, tap the "Forgot your password?" reset link.

If using an authenticator on your mobile device, expand arrow

  1. Open your Authenticator App

  2. Select to Scan a QR code

  3. Reference the code generated

    *Authenticator views may vary depending on phone and app type.

If using an authenticator on your same iPad, expand arrow

  1. Tap Copy Secret

  2. You will either be sent to your Google Authenticator or you can go to your home screen > Find and select your Authenticator App

  3. Tap Add a code

  4. Input an Account name i.e., Ricochet 2FA

  5. Paste the copied code into the Your key field

  6. Tap Add

NEXT,

  1. Go back into Ricochet POS app to the Ricochet Authentication pop up,

  2. Input the Authentication code from your app

  3. Tap Verify

! IMPORTANT !

4. Copy, download, screenshot, or write down 'Your Recovery Codes' *This is important in case you lose your device with your authenticator or are switching to a new device or authenticator.

5. Tap I have saved the codes

Now that you have saved your codes and accessed your account with 2FA, going forward, you will enter your username and password and, when prompted, reference your authenticator app to input the code that generates for your store. Authentication is required approximately every 30 days, or in the event you clear your cookies or get a new device.


How To Reset 2FA With Recovery Codes:

  1. Go to your store's website or unique Ricochet URL, for example: https://yourstore.ricoconsign.com/login-do not click fake link-

  2. Enter Username (typically your email address)

  3. Enter Password

  4. Click Login

    NOTE: If you don't remember your password, click the "Forgot your password?" reset link.

  5. Click Recover Account below the authentication code prompt

  6. Input Username, Password, Code 1 and Code 2

  7. Click Recover Account

Lost your recovery codes?

An Admin user can remove associated secret and recovery codes to reset 2FA.

As Admin, from within the user/consignor Details tab,

  1. Toggle OFF 2FA

  2. Click Yes to confirm, or No to go back

  3. Click Update

  4. Toggle back ON 2FA

  5. Click Update

The user can now log in with 2FA as if it is the first time.


Did this answer your question?