Multi-factor Authentication (MFA) is an opt-in feature available to Site Owners and Site Admins. Activating Multi-factor Authentication provides an additional layer of security to your account and makes it difficult for someone to sign into your Thinkific site using your login credentials.
In this article:
About This Feature
With today's security climate and the amount of information we store online, cyberattacks are becoming increasingly common. In 2017, Google shared that malicious hackers steal almost 250,000 web logins each week, which are then tested by these hackers across different websites and services online to try to access critical user data such as bank details and personal information.
By requiring an additional step to log in, you can reduce the risk of unauthorized access to your Thinkific site and account. This helps protect your intellectual property, site user information, payment collection methods, and other data across your site.
Using an authenticator app adds an extra layer of protection from common attacks, and there are a number of great options to choose from, including Google Authenticator, Duo Mobile, and Authy. This can be easily downloaded from the App Store on your mobile or other trusted devices.
How It Works
As a course creator on Thinkific (site owners or site admins), you will log into your Thinkific site using your regular email and password details.
You will then be prompted to provide a time-limited password via an authenticator app from a secondary, trusted device. After providing the limited-time password, you will be logged into your site!
How to Activate MFA
- Log into your Thinkific site
- On the dashboard, locate your user profile by clicking Your Account, then User Profile from the sidebar
- (Optional) Alternatively, find your account by searching for your email or name in the Users Report under Support Your Students: Users. From there, click on your name and navigate to the Details tab on the left.
- Click Set Up Multi-factor Authentication
- Check your inbox for the MFA verification email
- Click Confirm my account and a page will open in your browser with a message reading "Account email verified."
- You can now navigate back to the browser tab showing the MFA setup steps. This should now show a green tick and "Email verified".
- Click Continue and enter the password you used to sign into your Thinkific site, then hit Continue again. If needed, you can click Forgot password? to reset your password.
- Next you'll need to download an authenticator app on your mobile device, such as Google Authenticator, Authy or Duo Mobile. This can be done from the Google Play Store or the App Store.
- Follow the steps in the app to add a new account or scan a QR code, then scan the QR code shown on your computer in Thinkific
- Scanning the QR code with your phone will create a six-digit limited-time password on your mobile device. Enter this six-digit code into the Authentication code field in Thinkific.
- Click Activate & Continue. MFA is now enabled on your account!
Make sure to save your recovery codes by clicking Download Text File or Copy To Clipboard, then pasting the codes in a safe file or document. These codes can be used to regain access to your account in the case that you lose access to your mobile device or authenticator app.
Note: Recovery codes can only be used once. You will be provided with eight recovery codes, and can generate more recovery codes by following the steps below.
Signing In
How to Sign In with MFA
- Navigate to the login page of your Thinkific site
- Enter your email and password and click Sign In
- Check for the limited-time code in the authenticator app on your mobile device, and enter this code into the Authentication code field on your Thinkific site
- Click Verify
How to Regain Access to Your Account with Your Recovery Codes
If you lost or no longer have access to your mobile device, you can provide verification using your recovery codes from when you first set up MFA. It's important to note that recovery codes can only be used once.
- From the Sign-In page, enter your email and password
- When asked for your authentication code, paste one of your recovery codes into the Authentication code field
- Click Verify. Note that this recovery code is no longer available for use
How to Generate New Recovery Codes
- On the dashboard, locate your user profile by clicking Your Account, then User Profile from the sidebar
- At the bottom of the page, click Generate New Recovery Codes. This will invalidate the previous set of recovery codes.
How to Deactivate MFA
- Log into your Thinkific site
- On the dashboard, locate your user profile by clicking Your Account, then User Profile from the sidebar
- Click Deactivate MFA
- Provide the limited-time password from your authenticator app on your mobile device, or one of your recovery codes, and enter your password in the Password field
- Click Deactivate MFA to deactivate Multi-factor authentication on your account
Changing Your Email
When you change the email for your account while MFA is activated, there will be the additional step of confirming your email address before you can sign in with that email.
- Log into your Thinkific site
- On the dashboard, locate your user profile by clicking Your Account, then User Profile from the sidebar
- (Optional) You can also do this for another account by searching for the account on the Support Your Students: Users page and clicking on the name of the account
- Click Edit Profile
- Update the Email address field with your new email and click Save
- Confirm your new email address and click Confirm
- (Optional) If you need to resend the verification email you can do so from your user profile page by clicking the Resend Email banner at the top of the page
- You will then be signed into your account and see a message that your email has been verified. Note that if you confirmed your new email from a different device, you will be prompted to sign into your Thinkific site from that device and will need to use MFA to do so.
- You have successfully changed your email!
Frequently Asked Questions
When is MFA needed?
You will need to provide a verification code when you:
- sign into your site
- reset your password
- deactivate MFA
What if I lose access to my mobile device or authenticator app?
You can regain access to your site using the recovery codes that were provided in the last step of setting up MFA.
What if I no longer have access to my recovery codes?
If you lose access to your recovery codes and you cannot access your phone/authenticator app, please reach out to our Support team and we'll be happy to help!
Can I use Thinkific's MFA if I log in with Google, Facebook, LinkedIn or other apps using OAuth Authorization?
We currently only support Multi-factor Authentication for authentication with Thinkific. If you are using OAuth Authorization to log in using an external identity provider, we recommend enabling your MFA settings with your provider.
What happens if I turn off MFA?
If you turn off MFA, your account will default to Sign-In Email Verification.
Related Articles
Why am I not receiving emails from Thinkific?