Hi. How can we help?

Setting up multi-factor authentication

Multi-factor authentication (MFA) is widely used by businesses and continues to be one of the simplest and most secure ways to access your work online.

Lightspeed uses MFA to add an extra layer of security to a user's account to prevent unauthorized access. Using MFA reduces the risk of fraud and identity theft and protects businesses from attacks that may compromise data.

MFA requires the user to input their existing password. Then, with a second authentication factor enabled, they will enter a time-based, one-time (OTP), six-digit passcode generated by an authorized third-party authentication application that expires after 30 seconds.

Recommended authenticator apps

We recommend using Google Authenticator, Microsoft Authenticator, or OneLogin Protect.

Setting up MFA for users

MFA needs to be set up for each user in their employee settings.

  1. Navigate to Employee settings by clicking on the user's name in the sidebar navigation.

    Home page with user's name and Employee settings option emphasized.

  2. Select Manage MFA Settings.

    User settings page with Manage MFA Settings emphasized.

  3. Select Enable.

    Enabling Multi-factor authentication.

  4. Download a supported authenticator app on your mobile device. Continue enabling the Multi-factor authentication.
  5. In the authenticator app, scan the QR code to pair your mobile device and then enter the code provided by the authenticator app.

    Modal with QR code and space to enter code provided by authenticator app.

  6. Ensure you’ve saved your provided recovery codes somewhere safe.

    Lightspeed cannot restore access to accounts with two-factor authentication enabled. Ensure your codes are saved in a safe place to avoid locking yourself out of your account.

  7. Select I saved my codes.

    List of recovery codes.

Once finished with the setup, authentication details and factors appear on the main MFA page.

Device has been authenticated.

Logging into Lightspeed products with MFA

Once MFA is set up, the authentication code is found in the supported authenticator app chosen during setup.

Here’s how it works for users:

  1. Log in to a supported product with your username and password.

    MFA login page.

  2. Open your chosen authenticator app. In this example, we’re using OneLogin Protect.

    Onelogin Protect app.

  3. Enter the 6-digit code displayed in the authenticator app. This may automatically copy on your mobile device, depending on your personal settings.

    MFA Authentication code.

  4. (Optional) Select the checkbox next to Remember me on this device for 14 days to skip the MFA process for the next 14 days.
  5. Tap Log in.

You will now be logged in.

Using recovery codes with MFA

Recovery codes are the primary resource for account recovery should an account holder lose access to their authorized device or access to the authentication app. The first avenue for recovering an account with two-factor authentication enabled is using the recovery codes you saved during the setup process. Ensure these are saved in a secure location that can be accessed by only the account holder when required.

There are 3 codes in total, and each can be used only one time. Once a code is used, it is no longer valid, and you'll need to use another code on the list next time. When they’re all used, you can click the link in MFA settings to generate new codes.

Removing an authentication factor

If you lose access to your authenticator app, you can remove an authentication factor in the MFA settings page once you've logged in using an authentication code or with a recovery code.

To remove an authentication factor:

  1. Navigate to Employee settings > Manage MFA Settings.

    User page with Manage MFA Settings emphasized.

  2. For the authentication app you wish to remove, select the trash icon.

    Authenticator app with trash can icon.

  3. Select Remove.

    Remove MFA authentication.

Once the authentication factor has been removed, you can reconfigure your MFA by setting up a new authenticator app. Refer to Setting up MFA for users for more information.

What's next?

Keeping Retail POS (R-Series) secure

Learn more ways to keep your shop secure.

Learn more

Setting up employee roles and access

Group and limit levels of access in your account.

Learn more

Was this article helpful?

0 out of 1 found this helpful