# The “Multi-factor” authentication Login

In today's digital landscape, the importance of robust security measures cannot be overstated. XoroERP supports Multi-Factor Authentication (MFA) to safeguard its users' accounts by implementing two-step authentication.

Multi-Factor Authentication (MFA)  is a powerful security feature that adds an extra layer of protection to the login process. It requires users to provide at least two pieces of evidence to verify their identity, ensuring that even if one factor is compromised, the chances of unauthorized access are significantly reduced.

Users will be required to provide two or more authentication factors, which can include something they know (such as a password), something they have (such as a mobile device), or something they are (such as biometric data like fingerprints or facial recognition).

**How It Works:**

1. Go to the Login page, enter your username and password, and click "Sign In".
2. Select the preferred OTP (One Time Password) method for two-step verification.
   * If both email and phone are set up, all options are displayed.
   * If no phone number is registered, only the email option appears.

     <figure><img src="/files/9ZuboCR8p38EVsb0Wuti" alt=""><figcaption></figcaption></figure>
3. Choose an option to sign in and hit "Proceed".

   <div align="left"><figure><img src="/files/VVD2kwWOd9qLpnJxI734" alt=""><figcaption></figcaption></figure></div>
4. On the next page, enter the security code sent to your email or phone.

   <div align="left"><figure><img src="/files/OR54iF2nMZH8tLLQtp11" alt=""><figcaption></figcaption></figure></div>
5. To avoid entering an OTP on future logins from the same browser, check the "Don't require OTP on this browser" option.
6. You will be prompted to enter a device name.\ <img src="/files/INrjbqkRKp0547xpoZCJ" alt="" data-size="original">
7. Enter the device name and click "Login" to log into the system.\ <img src="/files/wBPdol1Zn9yY1mNmmHZL" alt="" data-size="original">
8. The device name and details will be saved under the "My Trusted Devices" module. Saving the device will eliminate the need for an OTP during subsequent logins from that device.

   <figure><img src="/files/2qJrvUMQ1DNwh5e2udtO" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
**Please Note:**

* **The OTP expires in 45 seconds.**&#x20;
* **If the information is deleted from “User Trusted Devices”, the browser will ask for the OTP again while logging in.**&#x20;
* **If the User’s Email or Phone number is updated, the authorization Code/OTP will be received on the updated email/phone number.**
* **Phone number is mandatory in user information and User Upload if using the 2 Factor Authentication process.**&#x20;
  {% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.xorosoft.com/xoroerp-1/user/the-multi-factor-authentication-login.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.