Multi-Factor Authentication (MFA)

Why this matters

Your AwardLettr account holds policy numbers, claim numbers, photos of damaged property, personal contact info for insureds and adjusters, and financial data on every case you have ever worked. If somebody else gets into that account, it is not just an inconvenience. It is a data breach with real people on the other end.

Multi-factor authentication is the single biggest thing you can do to prevent that. Even if your password leaks in some unrelated breach somewhere on the internet (and it probably already has), MFA means the attacker still cannot sign in without the code on your phone. We make it mandatory for good reason.

The one fear people have about MFA is "what if I lose my phone?" That is what backup codes are for, and this article walks you through saving them somewhere safe so you are never locked out of your own account. Set this up once during onboarding and you are protected without thinking about it again.

Multi-factor authentication (MFA) adds a second layer of protection to your account. Even if someone obtains your password, they cannot sign in without the time-based code from your authenticator app.

MFA setup wizard showing QR code scanning step with authenticator app instructions — The MFA setup wizard — scan the QR code with your authenticator app to enable two-factor authentication

Why MFA Matters

Your AwardLettr account contains sensitive case information, financial data, and client contact details. MFA ensures that stolen or guessed passwords alone are not enough to access your account.

What You Need

You need an authenticator app on your phone before you begin. Popular options include Google Authenticator, Authy, and Microsoft Authenticator. Any TOTP-compatible app will work.

Setting Up MFA

Open the MFA Setup Wizard

Go to Account Settings and click "Set Up MFA", or follow the prompt in the MFA Setup wizard if you are a new user.

Scan the QR Code

Open your authenticator app, tap the option to add a new account, and scan the QR code displayed on screen.

Enter the Verification Code

Your authenticator app will show a 6-digit code. Enter it in the verification field to confirm the setup is working correctly.

Save Your Backup Codes

After verification, you will be shown a set of one-time backup codes. Copy them and store them somewhere safe before proceeding.

Complete Setup

Click "Finish" to activate MFA. Future sign-ins will require your authenticator code.

Backup Codes

Backup codes let you sign in if you lose access to your authenticator app — for example if you get a new phone. Each code can only be used once.

Store Backup Codes Safely

Save your backup codes somewhere secure and separate from your phone — a password manager, encrypted notes app, or printed copy stored safely. If you lose both your authenticator and your backup codes, account recovery will require contacting support.

You can generate a new set of backup codes at any time from Account Settings under the MFA section. Generating new codes immediately invalidates all previous backup codes.

14-Day Grace Period

Existing users have a 14-day grace period to set up MFA before it is enforced. During this window you can continue using your account normally. You will see a reminder prompt at sign-in until setup is complete.

Disabling MFA

Go to Account Settings

Navigate to your account settings page.

Find the MFA section

Scroll to the Security or MFA section.

Click "Disable MFA"

You will be asked to enter a verification code from your authenticator app to confirm the change.

Security Risk

Disabling MFA reduces your account security. Only do this if you are transitioning to a new authenticator app and plan to re-enroll immediately.