MFA User Guide

Setting Up Two-Factor Authentication (2FA)

What is Two-Factor Authentication?

Two-Factor Authentication (2FA) adds an extra layer of security to your MuscleSound account. Even if someone obtains your password, they won't be able to access your account without the second factor - a time-based code from your phone.

Benefits of enabling 2FA:

  - Protects your account from unauthorized access
  - Secures sensitive athlete and patient data
  - Meets security compliance requirements
  - Takes less than 5 minutes to set up


What You'll Need

Before you begin, you'll need an authenticator app on your smartphone:

Recommended Apps (Free):

  - Google Authenticator (iPhone | Android)
  - Microsoft Authenticator (iPhone | Android)
  - Authy (iPhone | Android)
  - 1Password (if you already use it for passwords)


How to Enable Two-Factor Authentication

Step 1: Access Your Security Settings

  1. Log in to your MuscleSound account
  2. Click on your profile menu in the top right corner
  3. Select Security Settings or navigate to: /two_factor_settings

Step 2: Scan the QR Code

  1. On the Two-Factor Authentication page, you'll see a QR code
  2. Open your authenticator app on your phone
  3. Tap the + (plus) button or Scan QR code option
  4. Point your phone's camera at the QR code on your screen
  5. The app will automatically add your MuscleSound account

Can't scan the QR code? Most authenticator apps also have a "Manual Entry" option where you can type in a code manually.

Step 3: Enter Your Verification Code

  1. Your authenticator app will now show a 6-digit code that changes every 30 seconds
  2. Enter the current code in the Verification Code field on the website
  3. Click Enable Two-Factor Authentication

Step 4: Save Your Backup Codes

This is the most important step!

After enabling 2FA, you'll see 10 backup codes. These are single-use codes that let you access your account if:

  - You lose your phone
  - You get a new phone
  - Your authenticator app isn't working

Important:

  - ✅ Print these codes and store them in a safe place
  - ✅ Take a screenshot and save it securely (not on your phone)
  - ✅ Copy them to a password manager
  - ❌ Don't share these codes with anyone

Each backup code can only be used once, so keep track of which ones you've used.


Logging In with Two-Factor Authentication

Once 2FA is enabled, logging in requires two steps:

Step 1: Enter Your Email and Password

Log in normally with your email address and password.

Step 2: Enter Your Verification Code

  1. After entering your password, you'll be redirected to a verification page
  2. Open your authenticator app on your phone
  3. Find your MuscleSound account
  4. Enter the current 6-digit code shown in the app
  5. Click Verify

Tip: The codes expire every 30 seconds. If a code doesn't work, wait for the next one to appear and try again.


Troubleshooting

"Invalid verification code" error

Solution 1: Check the time on your phone

  - Authenticator apps rely on your phone's time being accurate
  - Go to your phone's Settings → Date & Time
  - Enable "Set Automatically" or "Use Network Time"

Solution 2: Wait for the next code

  - Codes expire every 30 seconds
  - If you entered a code just as it was expiring, try the new code

Solution 3: Use a backup code

  - Enter one of your 10 backup codes instead
  - Each backup code works only once
  - You can regenerate backup codes after logging in
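
Why the phone's clock matters, as an added example that is not MuscleSound's code: a standard TOTP (RFC 6238) calculation with the 6-digit, 30-second parameters from this guide, checked by a verifier that tolerates one step of drift either way. HMAC-SHA1 and the one-step window are assumptions the guide does not state; the secret and timestamp are RFC 6238 test values.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per code, as stated in the guide
DIGITS = 6    # code length, as stated in the guide

def totp(secret: bytes, unix_time: float) -> str:
    """RFC 6238 code for the 30-second step that contains unix_time."""
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: bytes, code: str, server_time: float, window: int = 1) -> bool:
    """Accept the current step and `window` steps either side (assumed policy)."""
    for drift in range(-window, window + 1):
        expected = totp(secret, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):    # constant-time comparison
            return True
    return False

def login_attempt(secret: bytes, server_time: float, phone_clock_error: float) -> bool:
    """The phone derives a code from its own clock; the server checks it."""
    code = totp(secret, server_time + phone_clock_error)
    return verify(secret, code, server_time)

SECRET = b"12345678901234567890"   # RFC 6238 test secret, not a real account secret
NOW = 1_111_111_109                # RFC 6238 test timestamp

if __name__ == "__main__":
    for error in (0, 20, -25, 300):
        accepted = login_attempt(SECRET, NOW, error)
        print(f"phone clock off by {error:+4d}s -> accepted: {accepted}")
```

A phone that is a few seconds off still lands inside the accepted window; one that is minutes off produces a code for a step the server never checks, which is the "Invalid verification code" case that Solution 1 addresses.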

Lost access to your authenticator app?

If you have your backup codes:

  1. Go to the login page
  2. Enter your email and password
  3. When prompted for a verification code, enter one of your backup codes
  4. After logging in, go to Security Settings to disable and re-enable 2FA with a new device

If you don't have your backup codes:

  - Contact MuscleSound support at support@musclesound.com
  - We'll verify your identity and help you regain access to your account
  - For security, this process may take 1-2 business days

Got a new phone?

Before you lose access to your old phone:

  1. Set up your authenticator app on your new phone
  2. Scan the QR code from Security Settings to add MuscleSound to the new device
  3. Verify it works by checking that both devices show the same code

Already lost access to your old phone:

  1. Use a backup code to log in
  2. Go to Security Settings
  3. Disable 2FA (requires your password)
  4. Re-enable 2FA and scan the QR code with your new phone
  5. Save your new backup codes

Switching to a different authenticator app?

  1. Log in to MuscleSound
  2. Go to Security Settings
  3. Disable 2FA (requires your password)
  4. Re-enable 2FA
  5. Scan the new QR code with your preferred authenticator app
  6. Save your new backup codes

Managing Your Backup Codes

Viewing Your Remaining Codes

Your backup codes are only shown once when you first enable 2FA. If you didn't save them, you'll need to regenerate new ones.

Regenerating Backup Codes

If you've used several backup codes or lost your list:

  1. Log in to MuscleSound
  2. Go to Security Settings
  3. Scroll to the Regenerate Backup Codes section
  4. Enter your current password
  5. Click Regenerate Backup Codes
  6. Save your new set of 10 backup codes

Note: This will invalidate all previous backup codes.
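
The backup-code rules in this guide (10 codes per set, shown once, single use, regeneration invalidates the old set) can be modelled as below. This is an added illustration, not MuscleSound's implementation; the class name, the code format and the hash-only storage are assumptions.

```python
import hashlib
import hmac
import secrets

CODE_COUNT = 10  # the guide issues 10 backup codes per set

class BackupCodes:
    """Keeps only hashes of unused codes; plaintext is returned once, at issue."""

    def __init__(self) -> None:
        self._unused = set()

    @staticmethod
    def _digest(code: str) -> str:
        # Codes are random 48-bit values, so plain SHA-256 is enough here;
        # a user-chosen password would need a slow password hash instead.
        normalized = code.replace("-", "").strip().lower()
        return hashlib.sha256(normalized.encode()).hexdigest()

    def regenerate(self) -> list[str]:
        """Issue a fresh set; every hash from the previous set is discarded."""
        codes = ["-".join(secrets.token_hex(2) for _ in range(3))
                 for _ in range(CODE_COUNT)]
        self._unused = {self._digest(c) for c in codes}
        return codes

    def redeem(self, code: str) -> bool:
        """True exactly once per valid code; the hash is removed on success."""
        digest = self._digest(code)
        match = next((d for d in self._unused
                      if hmac.compare_digest(d, digest)), None)
        if match is None:
            return False
        self._unused.remove(match)
        return True

    def remaining(self) -> int:
        return len(self._unused)

def demo() -> dict:
    store = BackupCodes()
    first = store.regenerate()
    out = {"first_use": store.redeem(first[0]),
           "replay": store.redeem(first[0]),      # same code a second time
           "left": store.remaining()}
    second = store.regenerate()                   # invalidates the rest of `first`
    out["old_after_regen"] = store.redeem(first[1])
    out["new_code"] = store.redeem(second[0])
    return out
```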


How to Disable Two-Factor Authentication

If you need to turn off 2FA:

  1. Log in to MuscleSound (you'll need your authenticator app or a backup code)
  2. Go to Security Settings
  3. Scroll to the Disable Two-Factor Authentication section
  4. Enter your current password
  5. Click Disable Two-Factor Authentication

Warning: Disabling 2FA makes your account less secure. We recommend keeping it enabled to protect your data.


Best Practices

  - ✅ Keep backup codes secure - Store them separately from your phone
  - ✅ Use a reputable authenticator app - Stick with well-known apps from official app stores
  - ✅ Update your phone's time settings - Enable automatic time updates
  - ✅ Regenerate backup codes periodically - Especially if you've used several of them
  - ✅ Test 2FA after setup - Log out and back in to make sure it works

  - ❌ Don't use SMS-based 2FA - MuscleSound uses app-based codes, which are more secure
  - ❌ Don't share backup codes - Treat them like passwords
  - ❌ Don't store backup codes on your phone - If you lose your phone, you'll lose both factors


Frequently Asked Questions

Is Two-Factor Authentication required?

Currently, 2FA is optional for all MuscleSound users. We strongly recommend enabling it to protect your account and patient data.

Can I use the same authenticator app for multiple accounts?

Yes! Your authenticator app can store codes for multiple services (MuscleSound, email, social media, etc.). Each service will appear as a separate entry in your app.

What if I'm traveling without my phone?

Make sure to bring your backup codes when traveling, or have them stored in a secure location you can access remotely (like a password manager).

Does 2FA cost anything?

No, 2FA is completely free. The authenticator apps are also free to download and use.

Will 2FA slow down my login?

2FA adds about 5-10 seconds to your login process. Most users find this minor inconvenience is worth the significant security benefit.

Can I use a password manager's built-in authenticator?

Yes! If you use 1Password, Bitwarden, or another password manager with built-in TOTP support, you can use that instead of a standalone authenticator app.


Need More Help?

If you're having trouble setting up or using Two-Factor Authentication, we're here to help!

Contact MuscleSound Support:

  - Email: support@musclesound.com
  - Phone: [Your support phone number]
  - Hours: Monday-Friday, 8am-5pm MT

For urgent account access issues, please mention "Two-Factor Authentication" in your subject line so we can prioritize your request.




Last updated: November 23, 2024
