Multi-Factor Authentication (MFA) means that signing in needs two things: your password and a 6-digit code from an authenticator app on your phone. Even if someone knows your password, they can't get in without your phone.
Some organizations require MFA. Others let you turn it on yourself. Either way, the setup is the same.
What you need
An authenticator app on your phone. Any of these work:
- Google Authenticator
- Microsoft Authenticator
- Authy
- 1Password (built-in)
- iCloud Keychain (built-in on iOS/macOS)
Pick one and install it before starting.
Setting up MFA
On the web
- Sign in at app.behca.com (US) or au.behca.com (Australia).
- Click your avatar → Account Settings → MFA Settings.
- Click Enable MFA.
- A QR code appears on screen.
- Open your authenticator app and tap + / Add account → Scan QR code.
- Point your camera at the QR code.
- Your authenticator app shows a 6-digit code. Type it into the BEHCA setup screen.
- Click Confirm.
Save your recovery codes
After setup, BEHCA shows you a list of recovery codes. Save these somewhere safe — a password manager, printed out, or written on paper somewhere only you can find. Each code can be used once if you ever lose access to your authenticator app.
Logging in with MFA
Every time you sign in:
- Enter your email and password as usual.
- BEHCA asks for a 6-digit code.
- Open your authenticator app, copy the current 6-digit code for BEHCA, and paste it in.
Codes change every 30 seconds. If yours expires before you finish typing, just use the next one.
I lost my phone — what now?
- On the MFA prompt screen, click Use a recovery code.
- Type one of the recovery codes you saved.
- Once signed in, go to MFA Settings and reset MFA, then set it up on your new phone.
If you've also lost your recovery codes, contact your organization's account owner. They can clear MFA on your account so you can log in once and set it up again.
Turning MFA off
If your organization doesn't require MFA, you can disable it:
- Account Settings → MFA Settings.
- Click Disable MFA.
- Confirm with your password.
If MFA is required by your organization, you won't see the disable option.
Common questions
- Do I need MFA on the mobile app too? — MFA is per-account, not per-device. If you have MFA, you'll be asked for a code when signing in to mobile too.
- Can I use SMS instead? — Not currently. BEHCA only supports authenticator-app MFA.
- Will I need a code every time, even on my own laptop? — Yes, for now. Every sign-in asks for a code. If you stay signed in (don't log out), you won't need a code until your session expires.
- What if my authenticator app changes its code while I'm typing? — Just use the new code. They roll every 30 seconds and there's a small overlap window.
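For readers who want to see how 30-second codes and a "small overlap window" can be checked on the server side, here is an added example. It is not BEHCA's code. It assumes standard RFC 6238 TOTP with HMAC-SHA1, as used by the authenticator apps listed above, and an overlap of one step either side; the `verify` function, its `last_step` replay guard and the sample secret are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds per code, as the page states
DIGITS = 6     # code length, as the page states

def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 one-time code for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10**DIGITS).zfill(DIGITS)

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 code for the 30-second step that contains unix_time."""
    return hotp(secret, unix_time // STEP)

def verify(secret, code, now, last_step=-1, window=1):
    """Return the matched step number, or None if the code is rejected.

    window=1 accepts the previous, current and next step (assumed overlap).
    last_step is the step of the last accepted code; steps at or before it
    are refused so a code cannot be replayed inside the overlap window.
    """
    current = now // STEP
    for step in range(current - window, current + window + 1):
        if step < 0 or step <= last_step:
            continue
        if hmac.compare_digest(hotp(secret, step).encode(), code.encode()):
            return step
    return None

# Constructed sample: the RFC 6238 test secret, not a real account secret.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    code = totp(SECRET, 59)                            # code shown at t=59s
    print(code, verify(SECRET, code, now=59))          # accepted in its own step
    print(verify(SECRET, code, now=89))                # one step late: accepted
    print(verify(SECRET, code, now=119))               # two steps late: rejected
    print(verify(SECRET, code, now=89, last_step=1))   # replayed code: rejected
```

A wider `window` tolerates more clock drift but lengthens the time a stolen code stays usable, which is why the replay guard matters.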