Two-Factor Authentication (2FA) User Guide
Two-Factor Authentication (2FA) with a FIDO2 Key
Two-factor authentication (2FA) helps secure and protect your MaxMind account by adding an additional layer of security. We currently support 2FA with security keys that are compliant with the FIDO2 standard (e.g. Yubikey, supported biometric keys). After you set up 2FA, access to your MaxMind account will require your password and security key. You may register up to 5 security keys.
- Google Chrome (67+)
- Firefox (60+)
- Edge (18+)
- Safari (13+)
- Opera (54+)
You must set up a recovery method before you can enable 2FA. The supported recovery method is a set of one-time access codes. This will allow you to access your account with a code in the event your security key is lost or damaged.
How to Set-up 2FA
- From your Account Portal page, select “Two-Factor Authentication” from the left hand navigation menu.
- Enter a unique name for your security key.
- Register your FIDO2 key of choice through your web browser to complete the registration. If registration is successful, the key will appear along with the date of registration.
- Click on “Generate recovery codes”
- Copy down the set of five codes for storage in a separate and secure place then click “Next” to complete setup.
Who can set-up 2FA?
Any MaxMind user with login credentials to access a MaxMind account can set-up 2FA. Note that 2FA is set-up at the user-level and not at the account-level, meaning every user of an account will have to individually set-up 2FA to fully secure the account.
Is 2FA required?
No, activating 2FA is optional for each person that has login access to a MaxMind account. We recommend using 2FA help secure and protect your MaxMind account.
Can an account admin require 2FA for all account users?
No, each account user will have to set-up 2FA themselves.
Can an account admin deactivate 2FA for account users?
No, an account user has to deactivate 2FA themselves.
How do I deactivate 2FA?
Select “Two-Factor Authentication” from the left hand navigation menu in the Account Portal, then click the “Deactivate” button towards the bottom of the page.
Can I use a non-physical key?
Yes, we support Touch ID on macOS using Chrome or Edge. Please note authentication details aren’t shared between different browsers so Touch ID in one browser won’t automatically work in another browser. Currently supported platforms and browsers can be found here.
If you have any questions, please contact us at firstname.lastname@example.org.