Multi-factor authentication


Multi-factor authentication (MFA) is enforced for all staff members as part of our ongoing commitment to system security and protection against phishing (e.g. an email impersonating another business in order to try to gain access to that system) and other malicious attempts. Staff members will be prompted to re-authenticate each month (or if they log in from a different device, wi-fi network or IP/location combination).

Staff can opt to use MFA Authenticators. These include:

  • Authenticator apps: including Google Authenticator, Microsoft Authenticator, Apple Passwords app, Duo (which is free to download via https://duo.com) etc;

  • Passkeys on their device (e.g. Face ID, Touch ID etc); or

  • Two-factor SMS authentication

High-level admin staff members with the correct permission are also able to manually authenticate staff should they have any issues.

Adding multi-factor authentication (MFA)

Steps

  1. When a staff member first logs in and they haven’t yet set up any MFA, they’ll see an Add Multi-Factor Authentication button on the dashboard and on their My Profile screen.

    1. Dashboard:



    2. Staff My Profile screen:



  2. You will now be presented with the following 2 options: using an Authenticator app, or using a Passkey as part of your device’s built-in security.


  3. If you select AUTHENTICATOR APP:

    1. Follow the steps which begin with scanning the QR code. A few helpful links are also displayed:

      1. Google Authenticator: https://support.google.com/accounts/answer/1066447?hl=en&co=GENIE.Platform%3DAndroid

      2. Microsoft Authenticator: https://www.microsoft.com/en-au/security/authenticator/mobile-app?ocid=authenticator_marketing_qrcode

      3. Duo: https://duo.com/product/multi-factor-authentication-mfa/duo-mobile-app#download-duo-mobile



    2. The authenticator app will prompt you to enter details so that you can save this login. This example screenshot shows the Apple Passwords app on the left, and the Duo app on the right.


    3. The authenticator app will then display a One-Time Code (a 6-digit code that changes every 30 seconds), which you then enter back on your BookingTimes website before clicking the Verify button to complete the process. This example screenshot again shows the Apple Passwords app on the left, and the Duo app on the right.


    4. Once verification has been completed, you will be prompted to save your recovery codes in case you ever lose access to your authenticator app. These single-use codes are the only way to sign in without another administrator. NOTE - ensure you save those codes now as you won’t be able to see them again. Click the Complete button once you’ve saved them.



  4. If you select PASSKEY:

    1. Follow the steps which begin with adding a name for this passkey and click the Add Passkey button to continue.


    2. You will now be prompted to choose how to manage your passkeys. Please note this will look different based on your device. This example screenshot suggests the Apple Passwords app, which also manages passkeys for Apple devices. Please follow the steps based on your device to complete this process.



Prompted to use multi-factor authentication

Once multi-factor authentication has been set up, staff will be required to complete MFA verification whenever re-authentication is triggered, such as each month as per our updated security requirements, or when accessing the system from a new device or different IP/location combination.

Steps

  1. The following screen will appear to prompt you to select your desired MFA verification method. If you have a Passkey set up, use that now to complete the verification process. If you select the Authenticator App or SMS option, the authentication code will be provided (either displayed in your Authenticator app or sent by SMS).



  2. If an authentication code has been sent, enter it here and click Verify.


Manually authenticate staff members

High-level admin staff who have the right permissions are able to manually validate other staff connections if MFA is needed (though staff should be using the options outlined in this article: Authenticator apps, Passkeys or two-factor SMS authentication).


Steps


  1. First, ensure the high-level admin staff member has the correct permission "Add Instructors & Set Roles" (or “Staff” etc depending on what terminology has been set up for your system) to be able to manually authenticate other staff members.

    1. Please refer to the Security and permissions article for more details.


  2. Navigate to Setup > Instructors & Admins > select staff member

  3. Click on the key icon under their email address



  4. Under the MFA (Multi Factor Authentication) column, you can click on the Shield icon with a + in it to manually authenticate them. Once they've been authenticated on that browser/device/wi-fi network, you will see the Shield icon with a tick in it. If the staff member changes wi-fi networks or devices, or their IP and location constantly change, they may be prompted to re-authenticate.