Multifactor Authentication in CStoreOffice®
To enhance security and reduce the risk of unauthorized access, CStoreOffice® supports multifactor authentication (MFA, also known as two-factor authentication or 2FA). It provides an extra layer of protection beyond traditional passwords, making it more difficult for unauthorized users to gain access to the system, even if they obtain CStoreOffice® email and password.
By default, multifactor authentication is not enabled for existing accounts. To activate it, submit a support ticket through the Petrosoft AI Assistant.
MFA requires users to provide a one-time passcode (OTP) as a second authentication factor after signing in with their email and password. The OTP is generated through an authentication app installed on the user's mobile device.
Supported MFA apps
CStoreOffice® supports all authentication apps capable of generating time-based OTP, including:
- Google Authenticator (Android, iOS)
- Microsoft Authenticator (Android, iOS)
- FreeOTP (Android, iOS)
- Authy (Android, iOS, Windows, macOS, Linux)
- LastPass Authenticator (Android, iOS)
- Duo Mobile (Android, iOS)
For better security, avoid installing the MFA app on the same device that you use to access CStoreOffice®. This reduces the risk of both your credentials and MFA codes being compromised if the device is lost or stolen.
OTP codes are time-based, so it is essential to enable automatic time updates on your device. If the device's time is out of sync, the authentication app may generate an incorrect OTP, resulting in login failures.
Signing in with MFA
When enabled, multifactor authentication is automatically enforced for all users on your account.
- Sign in to Petrosoft Cloud with your email and password.
- Open your preferred MFA app and scan the QR code displayed on the screen. If you are unable to scan the QR code due to camera issues or other limitations, manually enter the activation code shown below the QR code.
- Open the linked account in the MFA app and note the 6-digit OTP code. The code may be displayed with spaces for readability, but when entering it in the verification field (see step 4), make sure there are no spaces between the digits.
- Enter the OTP code from the app (without spaces) in the Petrosoft Cloud authentication form and confirm it by clicking the Login / Submit button.
Scanning the QR code automatically links your MFA app to your Petrosoft cloud account. Once the app is linked, you will no longer be prompted to scan the QR code for future logins.
Only one MFA app can be linked to a user account at a time. If you lose your MFA device or accidentally remove the app, disconnect it from your account and set up MFA again with a new app. For detailed instructions, refer to Disconnecting and re-linking the MFA app below.
One-time codes used in MFA are valid for a short period (typically 30 seconds.) This short validity helps protect against attacks and unauthorized access.
The expiration countdown is usually displayed near the code. Always use the most recent code from the app.
Disconnecting and re-linking the MFA app
Only one MFA app can be linked to a user account at a time. If you lose your MFA device or accidentally remove the app, submit a support ticket through the Petrosoft AI Assistant to request the app be disconnected from your account.
Once the old app is disconnected, install the new MFA app on your device and re-link it to your account by scanning the QR code as described earlier.
Resetting the password
The linked MFA app will continue to function after you change the password in CStoreOffice®.
Simply sign in with the new password and enter the OTP code from the app in the Petrosoft Cloud authentication form.
Disabling MFA
To disable multifactor authentication for your account, submit a support ticket through the Petrosoft AI Assistant.
Please note that MFA will be disabled for all users on your account. Currently, it is not possible to disable MFA for individual users.