Multi-Factor Authentication (MFA) FAQs

This article will list frequently asked questions regarding the implementation of TeamKeeper's Multi-Factor Authentication

Implementing Multi-Factor Authentication (MFA) is a significant step toward enhancing the security of your organization's data. As TeamKeeper introduces mandatory MFA, clients may have several questions regarding its implementation and impact. Here are some common inquiries:

1. What is Multi-Factor Authentication (MFA)?
   MFA is an authentication method that requires users to provide two or more verification factors to gain access to a resource, such as an application or online account. This approach enhances security by combining something the user knows (like a password) with something the user has (like a one-time code sent to their email).

2. Why is TeamKeeper implementing mandatory MFA?
   Implementing MFA significantly reduces the risk of unauthorized access due to compromised credentials. By requiring an additional verification step, TeamKeeper aims to enhance the security of user accounts and protect sensitive information.

3. Will all TeamKeeper users receive the MFA notification upon login?
   No. The MFA notification message is currently displayed only to users with designated roles such as Administrator, Human Resources, or Accountant. These individuals are encouraged to communicate the upcoming changes to their teams as appropriate in preparation for the MFA rollout.

4. How will the MFA process work in TeamKeeper?
   Upon logging in, users will enter their username and password as usual. They will then receive a one-time code sent to the email address listed in their TeamKeeper profile. Users must enter this code to complete the login process.

5. What if a user doesn't have access to their work email outside of work hours?
   If company policy permits, users can update their TeamKeeper profile to include a personal email address for receiving MFA codes. This ensures they can access their accounts at any time.

6. Can users add multiple email addresses to their TeamKeeper profile for MFA?
   Currently, TeamKeeper profiles for MFA support only one email address. Users should ensure the email used in their profile for MFA authentication is one they can access when the one-time code is emailed.

7. Are there alternative methods for receiving MFA codes, such as authenticator apps or hardware tokens?
   At this time, TeamKeeper's MFA implementation relies solely on sending one-time codes to the user's email address. Integration with authenticator apps or hardware tokens is not currently supported but may be considered in future updates.

8. What should a user do if they forget their MFA code or if it expires?
   If an MFA code is forgotten or expires, the user can attempt to log in again. This will trigger the system to send a new one-time code to their registered email address.

9. How can a user update their email address in TeamKeeper for MFA purposes?
   Users should contact their company's HR department or an administrator with access to their TeamKeeper account to request an update to their email address in their profile. TeamKeeper support agents are not authorized to make changes to an employee's profile unless explicitly instructed by an authorized contact for that TeamKeeper account.

10. What if a user cannot access their email to retrieve the MFA code?
    If a user cannot access their registered email address, they should contact their company's HR department or an administrator to update their email information in TeamKeeper. This will ensure they receive MFA codes and access their account.

11. Will there be future enhancements to TeamKeeper's MFA options?
    As TeamKeeper continues to develop its product, new features, including alternative MFA options, may be added. Users are encouraged to provide feedback and stay informed about updates to the platform.

12. Is MFA optional for TeamKeeper users?
    No, MFA is mandatory across all TeamKeeper websites. This security measure is enforced platform-wide and cannot be disabled or bypassed by individual users. Every user must have a valid email address in their TeamKeeper profile to receive MFA codes and access the system.

13. What happens if employees are not set up for MFA by the deadline?
    If an employee does not have a valid email address listed in their TeamKeeper profile by the MFA enforcement deadline, they will be unable to access the TeamKeeper site. Access will remain restricted until a valid email address is added to their profile. This policy applies universally and cannot be overridden by users or administrators.

14. How could missing the MFA setup deadline impact TeamKeeper general users, supervisors and administrators?
    Failure to ensure all employees are properly set up for MFA before the deadline may result in widespread access issues. HR teams and administrators will need to manually update affected profiles, which could lead to delays and increased workload. To avoid disruption, organizations should verify that all user profiles contain valid email addresses well in advance of the enforcement date.

15. How will employees that clock in and out by the mobile app be affected?
    Employees who use the mobile app only to clock in and out will not be required to use MFA, as they do not access the TeamKeeper site via a web browser.

16. How will employees that clock in and out by time clocks be affected?

    Employees who use the TeamKeeper mobile  application exclusively for clocking in and out will not be impacted by MFA (Multi-Factor Authentication) requirements, as long as they do not need to access timesheet information through the application.

    Note: While users can currently access timesheet and leave information through the mobile application, an upcoming security update will require Multi-Factor Authentication (MFA) for those accessing features beyond basic clock-in/clock-out. This update will introduce one-time password (OTP) authentication and will be enabled after thorough testing to ensure a smooth and secure experience.