Overview
Multi-Factor Authentication (MFA) adds an extra layer of security to your Fieldwire account. In addition to your email and password, you verify your identity using a time-based one-time password (TOTP) generated by an authenticator app.
Why this matters: MFA helps protect sensitive project data even if your password is compromised.
- Platforms: Web (setup required), iOS, Android (login supported)
- Permissions: All users can enable MFA (non-SSO)
Who Can Use MFA?
- Any Fieldwire user (except SSO users) can enable MFA from their Profile Settings.
- Account owners can require MFA for all users on their account.
- SSO users: MFA is managed by your company's identity provider and is not configurable in Fieldwire.
Supported Authentication Methods
- Authenticator apps (TOTP): Google Authenticator, Microsoft Authenticator, Authy, Duo, etc.
- Recovery codes: 10 one-time-use backup codes generated during setup.
How to Set Up MFA
IMPORTANT: MFA setup is only available on the Fieldwire web app.
- Click on your name in the upper right-hand corner
- Select Edit profile
- Click Enroll MFA.
- Scan the QR code with your authenticator app, or enter the setup key manually.
- Enter the 6-digit code from your authenticator app.
- Save your recovery codes (shown one time only).
Result: MFA is now enabled and required for all future logins.
Important: Once MFA is enabled, only an account administrator can reset it.
Logging In with MFA
- Enter your email and password.
- Enter the 6-digit code from your authenticator app.
Alternative: If you don't have your authenticator app, select Use a recovery code.
Account Lockout Behavior
- After 5 failed attempts, your account is locked for 30 minutes.
- Failed TOTP and recovery code attempts count toward the same limit.
- The attempt counter persists across login sessions.
- The lockout duration does not extend with additional attempts.
Recovery Codes
- You receive 10 recovery codes during setup.
- Each code can only be used once.
- You can regenerate codes from your Profile Settings (web only).
- Regenerating codes invalidates all previous codes.
What If I Lose Access to MFA?
If you no longer have access to your authenticator app or recovery codes:
- Contact your account administrator.
- An admin can reset your MFA enrollment.
After reset:
- You can log in with email and password only.
- You can re-enable MFA afterward.
Account-Level MFA Enforcement
Account Owners (and Managers) can require MFA for all users across their account.
To do so, they need to:
- Navigate to the Account tab
- Click Enable multi-factor authentication
- IMPORTANT: Read the requirements of enabling MFA across your account
- Click the checkbox acknowledging that you understand that all account users and invited project users will be required to use MFA to access [your] projects and certain account-level pages.
- Click Enable MFA
When enabled, MFA is required to access:
- All projects on the account
- Account settings (Dashboard, People, Templates, Integrations)
Users who do not have MFA enabled will be prompted to enroll before accessing these areas.
Note: SSO users are exempt from this requirement.
Troubleshooting MFA
Invalid TOTP code
Cause: Code does not match the expected value.
- Ensure you're using the correct authenticator entry.
- Wait for the code refresh (every 30 seconds).
- Set your device time to automatic/network time.
Invalid recovery code
Cause: Code is incorrect, used, or expired.
- Check for typos (codes are case-sensitive).
- Use a code from your latest generated set.
- Each code can only be used once.
Account locked
Cause: Too many failed MFA attempts.
- Wait 30 minutes before trying again.
- Log in again to receive a new MFA challenge.
Session expired
Cause: MFA session timed out (5 minutes).
- Log in again to restart the process.
MFA already enabled
Cause: MFA is already active on your account.
- No action needed unless re-enrollment is required.
SSO users cannot enroll
Cause: Your account uses SSO.
- Contact your IT team to manage MFA through your identity provider.
MFA on Mobile
If MFA is enabled, you must verify your identity when logging in on mobile, just like on web.
Note: MFA setup must be completed on the web app.
Log in on Mobile
- Open the Fieldwire app and enter your credentials.
- Enter the verification code from your authenticator app.
Use a Recovery Code
- Select Use recovery code on the verification screen.
- Enter a valid unused code.
Important Notes
- Sessions expire after 5 minutes.
- Failed attempts persist across sessions.
- Starting a new login does not reset attempts.
- Older app versions may not support MFA correctly.
Best Practices
- Store recovery codes securely (password manager recommended).
- Regenerate recovery codes when running low.
- Keep your device time synced automatically.
- Remove outdated authenticator entries to avoid confusion.