Home Your Account 3. Setting up Multi-Factor Authentication (MFA)

3. Setting up Multi-Factor Authentication (MFA)

Last updated on Jun 30, 2026

Multi-Factor Authentication (MFA) means signing in needs two things: your password and a 6-digit code from an authenticator app on your phone. Even if someone learns your password, they can't get in without your phone.

Some organizations require MFA; others let you turn it on yourself. Either way, the setup is the same.

What you need

An authenticator app on your phone. Any of these work:

  • Google Authenticator
  • Microsoft Authenticator
  • Authy

Install one before you start.

Setting up MFA (web)

  1. Sign in and open Account Settings.
  2. Under Two-Factor Authentication (MFA), click Set Up MFA.
  3. A QR code appears. Open your authenticator app, tap + / Add accountScan QR code, and point it at the code. (Can't scan? The page also shows a key you can type in manually.)
  4. Your app shows a 6-digit code. Type it into the Verification Code box.
  5. Click Verify and Enable MFA.

Save your recovery codes

After setup, BEHCA shows a list of recovery codes. Save these somewhere safe — a password manager, or printed and stored somewhere only you can reach. Each code works once if you ever lose access to your authenticator app.

Logging in with MFA

  1. Enter your email and password as usual.
  2. BEHCA asks for the 6-digit code — open your authenticator app and enter the current one.
  3. Optionally tick Trust this device for 30 days so you won't be asked again on that device for a month.

Codes roll every 30 seconds. There's a small grace window, so if a code flips over just as you submit, the one you typed will usually still be accepted — but if it's rejected, just enter the new code.

I lost my phone — what now?

  1. On the code prompt, choose Use recovery code instead.
  2. Enter one of the recovery codes you saved.
  3. Once you're in, reset MFA (below) and set it up on your new phone.

If you've also lost your recovery codes, contact Support — they can reset MFA on your account so you can sign in and set it up again.

Changing or removing MFA

To switch authenticator apps or remove your current setup, use Reset your MFA from Account Settings:

  1. Open Account Settings and click Reset your MFA.
  2. Enter your password to confirm.
  3. Confirm the reset. BEHCA then sends you to a screen with a new QR code to set up your authenticator again.

Resetting also invalidates your old recovery codes and signs out your trusted devices, so you'll get a fresh set of recovery codes when you finish.

If your organization requires MFA, you can reset it but you can't leave your account without it.

Common questions

  • Do I need MFA on the mobile app too? — MFA is per-account, not per-device. If MFA is on, you'll be asked for a code when signing in on mobile too.
  • Can I use SMS instead? — Not currently. BEHCA supports authenticator-app codes only.
  • Will I need a code every single time? — Only when you sign in. Tick Trust this device for 30 days to skip the code on that device for a month, and staying signed in avoids re-entering it until your session ends.

Related articles