As part of our ongoing commitment to enhancing security and protecting your data, we’re rolling out improvements to our Multi-Factor Authentication (MFA) process. These changes will be released over the coming weeks, so we've compiled a summary of the key changes and some FAQs to help you prepare below.
What is changing with MFA?
We'll be launching a series of enhancements, these include:
- Allowing you to choose between Email or SMS MFA.
- Being able to set your preferred default MFA method in the new 'Security Preferences' page within our Portal.
- Improving our account recovery (reset password) process using your backup MFA method.
- Adding a device recognition feature, so you'll only be prompted for MFA codes when logging in from a new device or when you've cleared your browsers cache.
How do I prepare for the change?
If you have a valid mobile number and email already listed in your Fitness Passport account, then you are all set and there's no action required from you!
If you need to update the mobile number listed in your account, you can head to our Fitness Passport portal and update your mobile number by clicking the pencil edit icon next to your member details.
For our Employer Facilitators or Facility Staff Managers, please reach out to our support team if you need to update your mobile number.
Once these changes are live, you will be able to change your default MFA method to either Email or SMS MFA, via the new Security Preferences screen in the Fitness Passport portal.
Frequently Asked Questions (FAQs)
Will I have to enter an MFA code every time I login?
No, we have launched a new device recognition feature which will only require MFA to be completed when you login from an unknown device. This feature will be available in our Portal immediately and in a future update to our mobile app.
How do I reset my password?
You can recover your account by providing the MFA code from your backup MFA method (e.g. whichever method is not listed as your default). If you have access to this backup method, you’ll be able to reset your password without contacting Fitness Passport support.
However, if you don’t have access to your backup MFA method anymore, then you will need to contact our support to complete a manual account recovery.
I entered the wrong email or phone number during sign-up, what do I do?
If the details you entered during the account creation process were incorrect, you’ll have to contact the Fitness Passport Support team to correct your details. They will be able to update your email and phone number as required. After this has been done, you’ll be required to verify these new details by entering a code sent to each contact method on your first login.
I lost access to my phone number where the code gets sent, what do I do?
If you no longer have access to the phone number where the code is sent for signing in, you will need to contact support for account recovery.
I don't have a work phone, what mobile number should I add for my account?
To ensure we can keep users data safe, we do need to apply these MFA protections via both a valid Email and Mobile Number. If you do not have a work phone number, we recommended adding a personal mobile number to your account.
We will enable users to choose a default MFA method, which will allow you to set 'Email' as your primary way of receiving your MFA codes when logging in. This enables your mobile phone number to only be used to authenticate you in the event that you needed to reset your password.
If you are unable to use a personal mobile number for this process, we recommend entering the valid mobile number of a manager or similar to ensure you are always able to recover your account.