
Multi-Factor Authentication (MFA)

MFA is a foundational security measure that requires a user to provide two or more different methods of verification before gaining access to the SpendCraft application or its sensitive data. By moving beyond simple passwords, MFA creates a robust barrier against unauthorized access.

🛡️ The Mechanism: Independent Factors

MFA relies on requiring credentials from at least two independent categories. This ensures that if one factor is compromised, an attacker still cannot authenticate without the others:

  1. Something You Know (Knowledge Factor): A traditional password, PIN, or the answer to a specific security question.
  2. Something You Have (Possession Factor): A physical item in the user's possession, such as a smartphone (to receive a one-time passcode or push notification) or a dedicated hardware security key.

📈 Role in SpendCraft Security & Compliance

In an environment managing sensitive financial and procurement data, MFA is not just a feature—it is a critical necessity:

  • Cyber Defense: MFA effectively neutralizes common threats like phishing or credential stuffing. Even if an attacker successfully steals a user's password, they will be blocked without access to the second factor (e.g., the user's mobile device).
  • Regulatory Compliance: Enforcing MFA is often a mandatory requirement for compliance with global standards such as GDPR, HIPAA, and PCI DSS. Implementing this demonstrates due diligence in protecting proprietary corporate financial information.
  • Administrative Oversight: The MFA Enabled column in the Manage Team module provides administrators with a real-time audit view. This allows for rapid identification of users who do not meet this critical security requirement, enabling immediate risk mitigation and enforcement.

Administrative Tips

  • Audit Regularly: Periodically filter your member list in the Manage Team module for users with MFA Enabled: No to ensure compliance with corporate security policies.
  • Onboarding Priority: Make MFA setup a mandatory part of the new user onboarding process to ensure that sensitive data is never accessed via a single-factor login.
