Account Settings
      Back to home
      1. Knowledge Base
      2. Product Help
      3. Account Settings

      Secure your Swell account with multi-factor authentication (MFA)

      Register an authenticator app or phone number to verify your login

       

      Multi-factor authentication will be required beginning December 2024 for all Swell users. See the Requirements and Timeline section below for more information.

      Frequently Asked Questions about MFA

      Will I have to enter a code every time I log in?

      No, verification codes are required only infrequently. They are more likely to be required if you log in from a new device or an unfamiliar network.

       

      I share a Swell account with others, can we share our MFA verification?

      No, shared logins are not supported for security reasons. Please create one login for each person that needs to access Swell—there is no additional cost. Please see our article Adding and Removing Users for more information.

       

      Why is MFA required?

      Multi-factor authentication protects your account from unauthorized access to potentially sensitive data such as personally identifiable information (PII) or personal health information (PHI). It also protects the integrity of your communication channels.

      What is Multi-factor Authentication (MFA)?

      Multi-factor authentication (MFA) uses secondary verification to secure your Swell account from access by unauthorized parties. This protects that your sensitive data and communication channels. (Read more in our article: Account Security Best Practices).

      Setting up Multi-factor Authentication (MFA)

      When prompted to enroll in MFA, select Authenticator app or SMS and follow the onscreen instructions to enroll your account.

      Authenticator App Instructions

      Prefer to watch a video? We recommend this step-by-step guide for Google Authenticator from All Things Secured.

      1. If you don't already have one, install a TOTP authenticator app on your preferred verification device (usually your phone). You can find popular free options on the Apple App Store or Google Play Store including Microsoft Authenticator and Google Authenticator. Some paid password managers like 1Password also support this feature.
      2. In Swell, select the Authenticator app verification option. It will display a QR code. In your authenticator app, create a new entry and scan the QR code displayed in Swell. It will automatically register and display your one-time code. (If you can't scan the QR code, you can instead enter the private key into your authenticator app).
      3. In Swell, select Next and enter the one-time code displayed in your app, then submit it. Your code will refresh every 30 seconds, so if you miss the window simply try again with the next code that appears; there is no need to refresh Swell.
      4. Swell will display a confirmation once your setup is complete. You will not need to enter a code again for some time (usually several weeks) unless you log in from a new device or a new location.

      SMS Instructions

      1. This setup requires a U.S. phone number that can receive text (SMS) messages. International numbers are not supported at this time.
      2. In Swell, select the SMS verification option. Enter your phone number and submit it.
      3. You will receive a text message with a one-time numerical code. It can take a moment to arrive, but should generally appear within 30 seconds. Enter this code in the field in Swell and submit it.
      4. Swell will display a confirmation once your setup is complete. You will not need to enter a code again for some time (usually several weeks) unless you log in from a new device or a new location.

      Updating your MFA preferences

      You can update your multi-factor authentication (MFA) settings under Settings > User Settings > Profile > Multi-Factor Authentication.

      Requirements and Timeline

      Beginning in November 2024 MFA was rolled out progressively to Swell customers. When your organization is eligible, you will be prompted to optionally enroll the next time you log in.

      Beginning December 2, 2024 MFA will be required for all Swell logins. Customers who have not already enrolled will be required to enroll the next time they log in.

      Account Recovery

      In the event you lose access to your device or authentication app and need to recover access to your Swell account, please call our Support team.

      Managing authentication via a federated identity provider (IDP)

      Organizations that require their users to log in via a federated identity provider such as Microsoft Entra or Google Workspace have the option to disable Swell MFA. See the following article for more details:

      Manage authentication via your federated identity provider (IDP)