# Password and multi-factor authentication (MFA) Password requirements, password change/recovery, and enabling and configuring MFA in eAuditor cloud®. ## Password ### Creating an account and password requirements During registration at: a password is set. It must comply with the following policy: * minimum **8 characters**, * at least **one uppercase** and **one lowercase letter** (A–Z, a–z), * at least **one digit** (0–9), * at least **one special character**, e.g. `@ # $ % ! ?`. {% hint style="warning" %} **Tip:** do not use dictionary or obvious passwords (e.g., “Firma2025!”). Preferably choose a long passphrase and do not reuse passwords across services. It is recommended to use a password generator and manager. {% endhint %} ### Password change (user/administrator) **Path:** **Account Management → Organizations → Administrators → Admins** {% stepper %} {% step %} Open the list of administrators. {% endstep %} {% step %} Select **Edit** for the selected administrator. {% endstep %} {% step %} Select **Change Password** in the Password section {% endstep %} {% step %} Set a new password compliant with the password policy and **save changes**. {% endstep %} {% endstepper %} **Account preview:** in the tab **Account Management → User Profile** you will see information about the currently logged-in account. ### Forgotten password On the login screen, in the lower left corner select **Remind password** and follow the instructions in the email.
### Multi-Factor Authentication (MFA) MFA increases account security by requiring an additional identity verification step at login. ## MFA ### Who can enable MFA? **MFA activation for administrators can only be performed by the system administrator.** Other users see the status and available options in the **Profile**. ### Enabling MFA for an administrator (by the system administrator) **Option 1: Account Management → Organizations → Administrators → Admins** **Option 2: Account Management → Account Management** {% stepper %} {% step %} Open **Edit** for the selected administrator. {% endstep %} {% step %} In the **Two-Factor Authentication (2FA)** enable the requirement to use one of the available methods. {% endstep %} {% step %} Select an authentication method: * **Authenticator app** (e.g., Microsoft Authenticator, Google Authenticator), * **Email code** (confirmation by a code sent to the email address). {% endstep %} {% endstepper %} > After saving changes, at the next login the administrator will be prompted to configure the authenticator app. #### MFA configuration – authenticator app (user) Configuration will be required at **the next login**if the administrator has activated the 2FA requirement. **Configuration steps:** {% stepper %} {% step %} A **QR code**. {% endstep %} {% step %} will appear on the configuration screen **Open the authenticator app and** scan the QR code. {% endstep %} {% step %} Enter **e.g., Microsoft Authenticator / Google Authenticator** one-time code {% endstep %} {% step %} **generated in the app in the field in the system.**. {% endstep %} {% endstepper %} {% hint style="danger" %} **Note:** MFA is configured **When using an authenticator app (e.g., Microsoft Authenticator, Google Authenticator),**ensure you perform an app backup {% endhint %} #### . If you lose your phone without a backup you may lose access to the account and will need to contact the system administrator. MFA configuration – email code (user) {% stepper %} {% step %} After this method is enabled by the administrator: **At login you will receive** a code to the email address {% endstep %} {% step %} assigned to the account. {% endstep %} {% endstepper %} Enter the code in the system to complete the login. **This step will be required**. ## at every login {% hint style="success" %} **Best practices and troubleshooting** Device change {% endhint %} {% hint style="success" %} **(2FA app): before changing the phone add a second device in the app or update 2FA on the system side. If access is lost, contact the system administrator.**No email with code received **: check the**SPAM **folder, mail filters and the correctness of the address in the**. {% endhint %} {% hint style="success" %} **Profile**2FA code errors {% endhint %} {% hint style="success" %} **: ensure that the time on the phone is set automatically (time synchronization affects the correctness of time-based one-time codes generated in the Authenticator app).**Password strength {% endhint %} ## : consider a length of 12+ characters and a password manager for secure storage.
Frequently Asked Questions (FAQ) **Yes**Can MFA be used by email only?
The administrator can enforce the email method instead of the app. Can a regular user enable MFA by themselves? **folder, mail filters and the correctness of the address in the**Configuration and overview are done from **, but** the requirement **to use MFA is set by the**.
system administrator **Yes**Can I change the MFA method after configuration?
**Request the administrator to update the 2FA settings.** Contact in case of problems: ****

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://eaclouddoc.eauditor.eu/eacloud-docs-en/getting-started/quickstart/password-and-multi-factor-authentication-mfa.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.