Security & MFA

Protect your Basin account with Multi-Factor Authentication for enhanced security.


What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication (also called 2FA or Two-Factor Authentication) adds an extra layer of security to your Basin account. When enabled, you'll need to provide two things to sign in:

  1. Something you know - Your password
  2. Something you have - A verification code from your authenticator app or email

Even if someone discovers your password, they won't be able to access your account without the second factor.


MFA Delivery Methods

Basin supports two methods for receiving your MFA verification codes:

| Method | Description | Best For |
| --- | --- | --- |
| Authenticator App | Time-based codes from apps like Google Authenticator, Authy, or 1Password | Maximum security, works offline |
| Email | Codes sent to your registered email address | Convenience, no app required |

Setting Up MFA

Step 1: Access MFA Settings

  1. Navigate to Account Settings → MFA Settings (or go directly to usebasin.com/app/mfa_settings)

Step 2: Get Your First Code

Before enabling MFA, you need to obtain a verification code. Choose one of these methods:

Option A: Set Up Authenticator App (Recommended)

  1. Install an authenticator app on your phone:
     • Google Authenticator (iOS/Android)
     • Authy (iOS/Android/Desktop)
     • 1Password (iOS/Android/Desktop)
     • Microsoft Authenticator (iOS/Android)
  2. In Basin's MFA settings, expand "Get a code"
  3. Scan the QR code with your authenticator app
  4. Your app will start generating 6-digit codes that refresh every 30 seconds

Can't Scan the QR Code?

Click "Can't scan the QR Code?" to reveal the secret key. Manually enter this key into your authenticator app.

Option B: Email Verification

  1. In Basin's MFA settings, expand "Get a code"
  2. Click "Send a code to my email"
  3. Check your inbox for the verification code
  4. Codes sent via email are valid for a limited time

Step 3: Enable MFA

  1. Toggle the Enable switch to ON
  2. Enter the verification code from your authenticator app or email
  3. Click Save Changes

MFA is now active on your account!

Step 4: Choose Your Default Delivery Method

After enabling MFA, select how you want to receive codes when signing in:

  • Email my code - Receive codes via email (convenient, but requires email access)
  • Authenticator app - Use your authenticator app (more secure, works offline)

Click Save Changes to confirm your preference.


Signing In with MFA

Once MFA is enabled, the sign-in process changes:

  1. Enter your email and password as usual
  2. Click Submit
  3. You'll be prompted for your MFA code
  4. Enter the 6-digit code from your chosen method
  5. Click Submit again

You're now signed in!


Managing MFA Settings

Changing Your Default Method

You can switch between email and authenticator delivery methods:

  1. Go to Account Settings → MFA Settings
  2. Enter a verification code from your current method
  3. Select your new preferred Default delivery method
  4. Click Save Changes

Disabling MFA

If you need to disable MFA:

  1. Go to Account Settings → MFA Settings
  2. Enter a verification code
  3. Toggle the Enable switch to OFF
  4. Click Save Changes

Security Recommendation

We strongly recommend keeping MFA enabled to protect your account. Only disable it temporarily if absolutely necessary.

Changing Your Authenticator App

If you need to switch to a new phone or authenticator app:

  1. Go to Account Settings → MFA Settings
  2. A new QR code is always available in the "Get a code" section
  3. Scan this code with your new authenticator app
  4. Use the new app to generate codes going forward

| App | Platforms | Backup Features |
| --- | --- | --- |
| Google Authenticator | iOS, Android | Cloud backup available |
| Authy | iOS, Android, Desktop | Encrypted cloud backup, multi-device sync |
| 1Password | iOS, Android, Mac, Windows, Browser | Built into password manager |
| Microsoft Authenticator | iOS, Android | Cloud backup, push notifications |

Backup Recommendation

Use an authenticator app with cloud backup (like Authy or 1Password) to avoid being locked out if you lose your phone.


Troubleshooting

"Invalid MFA Code" Error

Authenticator App:

  • Verify your device's time is correct (TOTP codes are time-sensitive)
  • Wait for the next code cycle (codes refresh every 30 seconds)
  • Make sure you're using the code for Basin, not another service

Email:

  • Check your spam/junk folder
  • Request a new code (previous codes may have expired)
  • Verify you're checking the correct email address

Codes Not Working After Phone Change

If you got a new phone and your codes don't work:

  1. Check if your old phone still has the authenticator app
  2. Use email verification as a backup to access settings
  3. Re-scan the QR code with your new phone's authenticator app

Locked Out of Account

If you can't access your MFA codes:

  1. Try email verification: Click "Send a code to my email" on the sign-in page
  2. Use backup codes: If you saved backup codes, use one to sign in
  3. Contact support: Reach out to support@usebasin.com with proof of account ownership

Email Codes Not Arriving

  1. Check your spam/junk folder
  2. Add notifications@usebasin.com to your contacts
  3. Verify your email address is correct in account settings
  4. Try requesting a new code
  5. Contact support if issues persist

Security Best Practices

Account Security Checklist

  • [ ] Enable MFA on your Basin account
  • [ ] Use a strong, unique password
  • [ ] Use an authenticator app (more secure than email)
  • [ ] Back up your authenticator app or save recovery codes
  • [ ] Review connected OAuth providers periodically
  • [ ] Monitor your forms for unexpected changes
  • [ ] Sign out from shared devices

Password Security

In addition to MFA, protect your password:

  • Use at least 12 characters
  • Combine uppercase, lowercase, numbers, and symbols
  • Don't reuse passwords across services
  • Consider using a password manager

Recognizing Phishing Attempts

Basin will never:

  • Ask for your password via email
  • Ask for your MFA codes via email (except through the official sign-in flow)
  • Send unsolicited emails asking you to verify your account

If you receive suspicious emails claiming to be from Basin, do not click links. Go directly to usebasin.com instead.