# Multi-factor authentication

> Add an extra layer of security to your Forerunner account

Multi-factor authentication (MFA) adds an extra layer of security to your Forerunner account by requiring a verification code in addition to your password. Even if someone obtains your password, they can't access your account without the verification code.

## How MFA works

When MFA is enabled, signing in requires two steps:

1. **Something you know** - Your email and password
2. **Something you have** - A verification code sent to your phone

This two-factor approach significantly reduces the risk of unauthorized account access.

## MFA methods in Forerunner

### SMS verification

Forerunner uses SMS-based verification for team member accounts:

<Steps>
  <Step title="Sign in with password">
    Enter your email and password on the sign-in page.
  </Step>

  <Step title="Receive code">
    A verification code is sent via SMS to your registered phone number.
  </Step>

  <Step title="Enter code">
    Type the 6-digit code into Forerunner.
  </Step>

  <Step title="Access granted">
    Once verified, you're signed in to your account.
  </Step>
</Steps>

<Note>
  MFA via SMS requires a mobile phone capable of receiving text messages. If you have limited cell service, contact your Customer Success Manager (CSM) to discuss alternatives.
</Note>

## Setting up MFA

If your account requires MFA and you haven't set up a phone number:

<Steps>
  <Step title="Sign in">
    Enter your email and password as usual.
  </Step>

  <Step title="Add phone number">
    When prompted, enter your mobile phone number.
  </Step>

  <Step title="Verify phone">
    Receive a verification code via SMS and enter it to confirm your number.
  </Step>

  <Step title="Complete setup">
    Your phone is now registered for MFA. Future sign-ins will send codes to this number.
  </Step>
</Steps>

<Tip>
  Use your personal mobile number rather than a shared office phone to ensure only you can receive verification codes.
</Tip>

## Managing your MFA phone number

### Updating your phone number

To change the phone number used for MFA:

<Steps>
  <Step title="Go to settings">
    Navigate to **Settings** > **Account** or **Profile**.
  </Step>

  <Step title="Find phone settings">
    Locate the phone number or MFA settings section.
  </Step>

  <Step title="Verify current number">
    You may need to verify your identity with a code sent to your current number.
  </Step>

  <Step title="Enter new number">
    Provide your new phone number.
  </Step>

  <Step title="Verify new number">
    Enter the verification code sent to your new phone.
  </Step>
</Steps>

<Warning>
  Keep your phone number current. If you lose access to your MFA phone, you may be locked out of your account.
</Warning>

## When MFA is required

MFA requirements are set at the account level by your Customer Success Manager:

### Account-wide MFA

When enabled for the account:

* All team members must complete MFA setup
* MFA is required on every sign-in
* Phone numbers become mandatory profile fields

### Optional MFA

Some accounts allow individual users to opt in:

* Users can enable MFA in their settings
* Provides additional security without an account-wide requirement
* Recommended for users with sensitive access

<Note>
  Contact your Customer Success Manager to discuss enabling MFA for your account or to change MFA requirements.
</Note>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Not receiving verification code">
    **Try these steps:**

    * Wait 1-2 minutes for the code to arrive
    * Check that your phone has cell service
    * Verify the phone number on file is correct
    * Request a new code by clicking "Resend code"
    * Check if your phone blocks messages from short codes

    **If codes still don't arrive:**

    * Contact your carrier to ensure SMS short codes aren't blocked
    * Contact your Manager or CSM for assistance
  </Accordion>

  <Accordion title="Code expired">
    MFA codes expire after a short period (typically 5-10 minutes). Request a new code and enter it promptly.
  </Accordion>

  <Accordion title="Lost access to phone">
    If you no longer have access to your MFA phone number:

    1. Contact your Manager immediately
    2. They can work with your CSM to reset your MFA
    3. You'll need to verify your identity through other means
    4. Set up a new phone number once access is restored

    <Warning>
      For security, MFA reset requires identity verification. Have your Manager contact your CSM to initiate the process.
    </Warning>
  </Accordion>

  <Accordion title="Changed phone numbers">
    If you have a new phone number:

    1. Sign in using your old number if still accessible
    2. Update your phone number in settings
    3. Verify the new number

    If you can't sign in at all:

    * Contact your Manager for MFA reset assistance
  </Accordion>

  <Accordion title="Wrong phone number on file">
    If the wrong number was registered:

    1. Contact your Manager
    2. They can work with your CSM to correct the phone number
    3. You'll verify the correct number during reset
  </Accordion>

  <Accordion title="MFA required but not set up">
    If MFA is newly required for your account:

    1. You'll be prompted to add a phone number at sign-in
    2. Enter your mobile phone number
    3. Verify with the code sent to your phone
    4. MFA is now configured for future sign-ins
  </Accordion>
</AccordionGroup>

## Security considerations

### Why MFA matters

MFA protects against common security threats:

| Threat                  | How MFA helps                                                                  |
| ----------------------- | ------------------------------------------------------------------------------ |
| **Password theft**      | A stolen password alone isn't enough to access your account                    |
| **Phishing**            | Even if you're tricked into revealing your password, attackers lack your phone |
| **Credential stuffing** | Reused passwords from breached sites can't compromise your account             |
| **Unauthorized access** | Physical access to your phone is required                                      |

### Best practices

**Protect your phone**

* Keep your phone physically secure
* Use a screen lock (PIN, fingerprint, or face recognition)
* Don't share verification codes with anyone
* Be cautious of unexpected MFA prompts

**Keep information current**

* Update your phone number immediately when it changes
* Notify your Manager if you lose your phone
* Don't use temporary or shared phone numbers

**Recognize suspicious activity**

* Question unexpected MFA prompts when you're not signing in
* Report MFA codes you didn't request to your Manager
* Never share codes with anyone, even if they claim to be from Forerunner

<Warning>
  Forerunner will never ask for your MFA code via email, phone call, or support chat. Only enter codes on the official Forerunner sign-in page.
</Warning>

## MFA for different user types

### Internal team members

MFA for staff accounts:

* Configured via SMS verification
* Phone number stored in user profile
* Required based on account settings

### Public users

Public website users (residents):

* Do not have MFA requirements
* Use password-based authentication only
* Protected by email confirmation

### Forerunner administrators

Internal Forerunner team members may use additional MFA methods not covered here.

## Account-level MFA settings

These settings are managed by your Customer Success Manager:

| Setting                    | Description                                |
| -------------------------- | ------------------------------------------ |
| **MFA enabled**            | Whether MFA is active for the account      |
| **MFA required**           | Whether all users must complete MFA        |
| **Session timeout**        | How long until re-authentication is needed |
| **Failed attempt lockout** | Maximum failed MFA attempts before lockout |

Contact your CSM to discuss changes to these settings.
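
The code expiry from the troubleshooting section and the failed attempt lockout setting above, sketched as a server-side verifier for a 6-digit SMS code. This is an added example, not Forerunner's code: `issue_challenge`, `SmsChallenge`, `SERVER_KEY` and the values chosen for `CODE_TTL_SECONDS` and `MAX_FAILED_ATTEMPTS` are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 5 * 60   # assumed; the page says codes typically expire in 5-10 minutes
MAX_FAILED_ATTEMPTS = 5     # assumed value for the "Failed attempt lockout" setting
# Assumed server-side secret held outside the challenge store. An unkeyed hash of a
# 6-digit code can be brute-forced in at most 10**6 tries, so the digest must be keyed.
SERVER_KEY = secrets.token_bytes(32)


def _digest(user_id, code):
    # Bind the code to the user so it cannot be replayed against another account.
    return hmac.new(SERVER_KEY, f"{user_id}:{code}".encode(), hashlib.sha256).digest()


class SmsChallenge:
    """One pending sign-in challenge; stores a keyed digest, never the code itself."""

    def __init__(self, user_id, code, issued_at):
        self.user_id = user_id
        self.issued_at = issued_at
        self.failed = 0
        self.used = False
        self._expected = _digest(user_id, code)

    def verify(self, submitted, now=None):
        now = time.time() if now is None else now
        if self.used:
            return "used"        # single use: a verified code cannot be replayed
        if self.failed >= MAX_FAILED_ATTEMPTS:
            return "locked"      # even the correct code is refused after lockout
        if now - self.issued_at > CODE_TTL_SECONDS:
            return "expired"     # the user must request a new code
        if hmac.compare_digest(_digest(self.user_id, submitted), self._expected):
            self.used = True
            return "ok"
        self.failed += 1
        return "locked" if self.failed >= MAX_FAILED_ATTEMPTS else "invalid"


def issue_challenge(user_id, now=None):
    """Create a challenge; the returned code goes to the SMS gateway and nowhere else."""
    issued_at = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, zero-padded to 6 digits
    return SmsChallenge(user_id, code, issued_at), code
```

With five attempts against a code space of 10^6, a blind guesser succeeds against one challenge with probability 5 in 1,000,000, which is why the lockout counter matters as much as the expiry.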

## Disabling MFA

MFA can only be disabled at the account level by your Customer Success Manager. Individual users cannot opt out when MFA is required.

If you believe MFA should be disabled for your account:

1. Discuss with your Manager
2. Manager contacts CSM with the request
3. CSM evaluates security implications
4. Changes are made if appropriate

<Note>
  MFA is a security best practice and is recommended for all accounts. Disabling MFA increases the risk of unauthorized access.
</Note>

## Related topics

* [Signing in](/administration/authentication/signing-in) - Access your Forerunner account
* [Password management](/administration/authentication/passwords) - Reset and change passwords
* [Account settings](/administration/account-settings) - Update your profile including phone number
* [Data security](/administration/data-security) - Learn about Forerunner's security measures
