# Virtual MFA
Virtual MFA is a security verification method that has been widely used. In addition to the 「user name+password」 that is regularly required, the user also needs to input the dynamic code provided by virtual MFA to log in. By using virtual MFA, the user could effectively prevent account risks caused by password leakage, improving account security significantly. All account-sensitive operations (excluding login) are protected by virtual MFA.
Generally speaking, to use virtual MFA, the user needs to bind the app in the mobile phone with the MFA key of the account, and could pass the MFA verification by opening the app and inputting the dynamic code displayed.
This chapter will describe how virtual MFA is supported by the TE system, including enabling by an individual and compulsory MFA for all members in your company.
# I. Enabling/Disabling MFA for Individuals
# 1.1. Enabling MFA for individuals
Companies with strict requirements for the account security could set the virtual MFA for their personal accounts by entering the 「personal center」 in the menu in the upper right corner of the web page.
Click the「enable」 button under 「virtual MFA」in the 「Account Security」 section to bind with an MFA device.
After clicking「enable」, enter your TE password to verify:
After entering the binding step, you need to download the identity verification app to scan the QR code in the middle of the screen to obtain relevant information. You can manully enter the security if QR fails to load.
After scanning the code or inputting the key, the identity verification app would create a scenario (some apps would require you to save the scenario manually), where a 6-digit verification code would be displayed; input the code at the corresponding position on the screen to finish the verification, and the MFA would be bound successfully.
After binding with the MFA, you need to log back in with the virtual MFA that has just been bound. For detailed information, please refer to Chapter 3 「log-in procedure after enabling MFA」.
# 1.2 Disable MFA for individuals
If you need to disable MFA, please click 「disable」 under「virtual MFA」in 「account security」 section:
After clicking 「disable」, you need to input the dynamic code of MFA to verify your identity. You can then delete the MFA information from the identity verification app:
# Manage Virtual MFA
System admin can enter the 「system settings」page in the menu in the upper right corner of the web page to manage the virtual MFA in the「virtual MFA」tab under 「system security」, including turning on compulsory MFA for all members or disbale the MFA of any member.
# Turn on/ off compulsory MFA
If you have strict requirements for the overall security of the system, we also provide the capability of global management, a function that could force all users to bind with MFA. The system admin could choose to allow or forbid compulsory enabling of MFA.
If compulsory MFA is turned on, all users that have not enabled MFA would be required to bind with virtual MFA upon the next login, and could only log in after binding with virtual MFA. If the user unbinds with the virtual MFA that has been bound, he/she would be required to bind with MFA upon the next login as well.
If compulsory enabling of MFA is forbidden, the system would not require the user to bind with virtual MFA, nor would it unbind the already-bound virtual MFA.
# 2.2 Disable virtual MFA for specific users
If the user fails to obtain the dynamic code of the virtual MFA after losing the device or mistakenly deleting the identity verification app, the system admin could unbind the user from the virtual MFA on the virtual MFA management page.
::: Tips
System admin who failed to obtain MFA dynamic code could contact TE staff to complete the unbinding process.
:::
# III. Login Procedure after Enabling MFA
If the virtual MFA is enabled, the user would enter the MFA verification step after completing the password verification. In this case, you can open the identity verification app that has been bound with MFA before, input the dynamic code displayed by the app, and log in to the TE background after passing the verification.
It should be noted that you would not enter the MFA verification step if you adopt third-party login.