What is Multi-factor Authentication (MFA)?
Multi-factor authentication allows users to protect their account with an extra layer of security by requiring additional verification when logging in. This is to add another layer of protection to the data stored in your Shiftmove products. After MFA activation, all your Shiftmove accounts (Avrios, Vimcar (Fleet) Fahrtenbuch, Vimcar Fleet Geo) will only be available after entering your one-time passcode.
Types of MFA supported within Shiftmove products
Currently there are two methods of multi-factor authentication supported.
Email based
The user will receive a one-time passcode to the email address used in their Shiftmove ProfileTime-based one-time passwords (TOTP) using an application
The user will receive a one-time login code in an authenticator App such as Google Authenticator or others (Authy, Duo, etc.)
How to activate MFA
In order to activate MFA, go to your Shiftmove User Profile on profile.shiftmove.com, navigate to the Security section and start the MFA activation process by clicking the button.
You will get to a step where you will be asked to enter your current account password and can then select the desired MFA method from the two available options.
Activating email based protection
When opting for the email based MFA, you will receive a one-time password to the email connected with your account. Enter this code in the next step within your Shiftmove user profile to activate multi-factor authentication.
Tip: Add Shiftmove to your email contacts to avoid one-time password emails being marked as spam. This prevents problems when logging in.
Activating authenticator app based protection
When opting for the time-based one-time passwords with authenticator app, you will need to scan the QR code from the screen or alternatively copy the activation code from your Shiftmove Profile and paste it to your authenticator app. Enter the generated one-time passcode in the next step within your Shiftmove user profile to activate the multi-factor authentication process.
Recovery codes
After the activation of MFA, you will see a set of recovery codes. Keep these in a safe location. The recovery codes will allow you to log into the system in case you do not have or lose access to your email or authenticator app. In this case, the codes can function as one-time passcode.
Tip: Each recovery code can only be used once. Once you have used a recovery code, mark it as already used to prevent the same code from being entered again.
How to login into the system with activated MFA
Once MFA is activated for your account, for each login you will be asked to enter you email and password first. In addition, you will be asked to enter a one-time passcode. Depending on the protection method selected, this code will either be sent by email or generated by your authenticator app. Should your email or authenticator app be unavailable, please use one of your recovery codes in lieu of a newly generated one-time passcode.
How to deactivate MFA
In order to deactivate MFA, go to your Shiftmove User Profile on profile.shiftmove.com, navigate to the Security section and start the disabling process by clicking the button “Deactivate multi-factor authentication”.
You will get to a step where you will be asked to enter your current account password as well as a one-time passcode. Only then can you confirm the deactivation of MFA.
Frequently asked questions around MFA
How can I change my protection method from email to authenticator app (or vice versa)?
To change the MFA method, you need to disable the existing protection method first. Then you can activate it again, using the protection method of your choice.
I used up my recovery codes, how can I generate a new set?
In order to get new recovery codes, please deactivate your existing MFA protection. Reactivate it again. During this activation process, you will receive a new set of recovery codes. Please note that recovery codes should only be used as backup should you lose access to your authentication method. They are not meant to completely replace the one-time passcodes generated by your chosen MFA method.
I changed my mobile phone, what will happen to my account protection linked to the authentication app?
You need to migrate your codes to your new mobile phone. This is a quite common process, so all operators of authentication apps provide you with explicit instruction to follow. Please refer to your respective authentication app and their instructions.
I entered a one-time passcode, but Shiftmove says it is not correct.
Depending on your used protection method, there could be multiple reasons for that.
If you opted for email protection, please make sure to open the most recent email from Shiftmove and copy the newest code. Some email clients stack similar emails in one communication thread, so it can happen that you entered an outdated code.
If you opted for authenticator app protection, please make sure to enter your one-time code immediately after receiving it in your app. The codes are usually only active for a short period (around 30 seconds) and then a new code is generated.
Should neither of these tips help, try logging in with one of your recovery codes.
Should this not work for you either, please contact our customer support team for help.