Multi-factor authentication (MFA) in Retail POS (X-Series)

Multi-factor authentication (MFA) provides a more secure login process and adds an extra layer of security to your user accounts. Enabling it reduces the risk of internal and external fraud and identity theft, and protects your business from attacks that may compromise your data.

Understanding multi-factor authentication (MFA)

To improve security for Lightspeed Retail user accounts, multi-factor authentication is now mandatory for Admin users (including Account Owners).

Multi-factor authentication is now available for all users to set up in their user accounts. To better protect merchant accounts and improve security for user accounts with high-privileged access, Admin users are required to set up multi-factor authentication (MFA) on their accounts and verify their email address.

Why is multi-factor authentication mandatory for Admin users?

Multi-factor authentication is recommended for all users but required for Admin users (including Account Owners), as Admins have full access to view and edit all stores within the account. If an Admin user becomes compromised, all account data can be accessed and altered. MFA helps keep your account more secure.

When and how do I set up MFA on my Admin account?

If you're an Admin-level user, you will have 14 days to set up MFA on your account. To get set up, you can follow the instructions below or follow the prompts in Retail POS that will appear every time you log in until the end of the 14-day period.

What happens if I don’t set up MFA on my Admin account in 14 days?

If you’re an Admin user and haven’t set up multi-factor authentication on your account after the 14-day period ends, the next time you log in you will need to set up MFA before you can continue using Retail POS.

Using multi-factor authentication

When enabled, multi-factor authentication will:

  1. Require the user to input their existing password when logging in or switching users. Entering a password will trigger a password check and if the password has been compromised, the user will be notified and prompted to change their password.
  2. Require the user to input a six-digit authentication code generated by an authorized third-party authentication app.
  3. Inform users of changes to their password, email address, and MFA setup via email notifications sent to the email address associated with their user account (or the Account Owner if an email address has not been added to the account).

As of April 30th, 2021, it is mandatory for all Australia-based Retail POS retailers integrated with Xero to use multi-factor authentication for Admin users to comply with Xero's global security standards.

Setting up multi-factor authentication

To set up multi-factor authentication for a Retail POS account:

  1. Log in to Retail POS using the account you’d like to set up MFA on.
  2. In Retail POS, navigate to Setup > Users and click the user.
  3. Scroll down to Security and ID > Multi-factor authentication and click Set up multi-factor authentication.

  4. Click Get started.

  5. Enter your password and click Next.

  6. On your phone, download an authentication app like Authy, Google Authenticator, or Microsoft Authenticator and follow the steps to get set up.
  7. In the authentication app, scan the QR code or enter the text code found in Retail POS.

  8. In Retail POS, click Next.
  9. Enter the authentication code displayed in the app, then click Confirm.

  10. Print, Copy, or Download your recovery codes and keep them somewhere safe and secure.

    Recovery codes are used to access your account if you can’t access your authentication app or code.

  11. You will receive an email confirming you've enabled multi-factor authentication on your account. Admin users will need to click the Verify email address button in the email. If there is no email address associated with the account, the notification will be sent to the Account Owner.
  12. In Retail POS, click Done to finalize setup.

Multi-factor authentication will now show as active on the User page with options to Reset or Remove multi-factor authentication if needed.

Logging in with multi-factor authentication

You will be prompted to enter your username, password, and authentication code when logging in on the sign in page or when switching users.

  1. On the sign in page, enter your Store URL and click Next.
  2. Enter your Username and Password, then click Sign in.
  3. Your password will be checked and if it's been compromised, you'll be notified and prompted to change your password immediately or temporarily ignore the notification.
  4. Open the authentication app on your phone to generate an authentication code.
  5. In Retail POS, enter the authentication code generated by the app.

    You can choose to have Retail POS Remember me on this device for 30 days. If this box is checked, you'll still need to enter your username and password when logging in. After the 30-day period, you'll need to enter an authentication code again.

  6. Click Sign in.

If you have lost or changed your device or can no longer access the authentication app registered to your Retail POS account, you'll need to complete an account recovery using the steps below.

Recovering accounts with multi-factor authentication

You can recover an account with multi-factor authentication enabled using the recovery codes you saved during the setup process. There are 12 codes in total and each can be used once. When a code is used, it will no longer be valid and you'll need to use another code from the list next time.
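
The single-use behaviour described above, as an added Python sketch (not Lightspeed's code). The code format, the 80-bit length and storing only SHA-256 digests are assumptions made for illustration; the names `issue_codes` and `redeem` are hypothetical.

```python
import hashlib
import hmac
import secrets

CODE_COUNT = 12  # the article: 12 recovery codes, each usable once


def _digest(code: str) -> str:
    # Codes are long random strings, so a plain SHA-256 is enough to keep the
    # stored form from being directly usable if the table leaks.
    normalised = code.replace("-", "").strip().lower()
    return hashlib.sha256(normalised.encode()).hexdigest()


def issue_codes(count: int = CODE_COUNT):
    """Return (codes shown to the user once, digests the server keeps)."""
    # 80 random bits per code, grouped as xxxxx-xxxxx-xxxxx-xxxxx (assumed format).
    raw = [secrets.token_hex(10) for _ in range(count)]
    shown = ["-".join(r[i:i + 5] for i in range(0, 20, 5)) for r in raw]
    return shown, {_digest(c) for c in shown}


def redeem(stored: set, presented: str) -> bool:
    """Consume a recovery code: True once for a valid code, False afterwards."""
    candidate = _digest(presented)
    match = None
    for digest in stored:
        if hmac.compare_digest(digest, candidate):  # constant-time comparison
            match = digest
    if match is None:
        return False
    stored.remove(match)  # single use: the code is gone after this sign-in
    return True
```

Because only digests are kept, the plaintext codes exist solely in the copy the user printed, copied or downloaded at setup.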

To recover an account using a recovery code:

  1. On the sign in page, enter your Store URL and click Next.
  2. Enter your Username and Password, then click Sign in.
  3. In the authentication modal, click I can't access my authenticator app.

  4. Copy an unused recovery code from your previously saved list and enter it in the Recovery code field.

  5. Click Sign in.
  6. Follow the steps in the section below to reset multi-factor authentication on your account.

If you've lost access to your recovery codes, you'll need to contact an Admin or Account Owner to reset or remove multi-factor authentication from your account. They will need to log in to their account and follow the steps in the sections below.

If you've lost access to your recovery codes and you're an Account Owner, you'll need to contact Retail Support using the registered Account Owner email address. We can only proceed with account recovery requests approved using the Account Owner account registered email address.

Resetting multi-factor authentication

To reset multi-factor authentication after recovering an account:

  1. Navigate to Setup > Users and click the user.
  2. Scroll down to Security and ID > Multi-factor authentication.
  3. Click Reset multi-factor authentication setup.

  4. Click Get started.
  5. Enter your password and click Next.
  6. From your authentication app, scan the QR code or enter the text code found in Retail POS. Your authentication app may show a warning and ask if you would like to Continue. This will reset the connection and generate a new code.
  7. In Retail POS, click Next.
  8. Enter the new authentication code displayed in the app, then click Confirm.

  9. Save the new recovery codes and keep them somewhere safe and secure.
  10. You will receive an email confirming the changes made to multi-factor authentication on your account. If there is no email address associated with the account, the notification will be sent to the Account Owner.

Removing multi-factor authentication

To remove multi-factor authentication from an account:

  1. Navigate to Setup > Users and click the user.
  2. Scroll down to Security and ID > Multi-factor authentication.
  3. Click Remove multi-factor authentication.

  4. In the You are about to remove multi-factor authentication modal, click Next.

  5. Enter your password, then click Remove multi-factor authentication.

  6. The user will receive an email confirming the changes made to multi-factor authentication on their account. If there is no email address associated with the account, the notification will be sent to the Account Owner.

Multi-factor authentication can be set up again by following the steps for Setting up multi-factor authentication above.

Troubleshooting multi-factor authentication

Error: Invalid authentication code entered. Please try again.

If the code entered during the Enter your authentication code step is not being recognized by Retail POS, try these troubleshooting steps:

Generate a new code

On the authentication app, wait until the authentication code has timed out and a new code is generated.

You may need to quit and reopen your authentication app.

When ready, input the new code during the Enter your authentication code step.

Correct the timing sync

If generating a new code is unsuccessful, the time on your authentication app may be out of sync with Retail POS.

First, navigate to the Date and time settings on your phone and set them to Automatic or Network. Then, if you're using Google Authenticator, go to the main menu and click Settings > Time correction for codes > Sync now.

The sync will only affect the internal time of your authentication app, not your device’s Date and time settings.

Reset multi-factor authentication

If the multi-factor authentication on your account has recently been reset, you'll have to set up MFA on your account again and complete the steps in the section Resetting multi-factor authentication above. Afterwards, quit and reopen your authentication app to generate a new code.

If you're having trouble accessing your account, you may need to follow the steps in the Recovering accounts with multi-factor authentication and Resetting multi-factor authentication sections above.

Error: Unable to change users or Looks like we're having some server issues

For users who haven't logged in since multi-factor authentication was released, old versions of the Retail POS login page saved in your browser's cache may be causing connection issues.

To fix this, navigate to your browser's cache settings and clear the cache. If you're using Google Chrome:

  1. In Chrome, click the 3 dots at the top right > Clear browsing data.
  2. Select a Time Range from the dropdown and check Cookies and other site data and Cached images and files.
  3. Click Clear data.

Once the cache has been cleared, navigate back to the sign in page and log in as per usual.
