In this article
Multi-factor Authentication (MFA)—also called Two-factor authentication or Two-step authentication—is a way to secure your DNSFilter account further by requiring more than just a username and password.
MFA uses any device capable of generating a Time-based One-Time Password (TOTP) authentication code, such as Google Authenticator, Authy, or Duo authenticators. As of 1 July 2025, new accounts have the option for email authentication as well.
For existing accounts, DNSFilter offers MFA enablement on the Account and Organization level.
MFA enforcement
As of 1 July 2025, MFA is enforced for all new DNSFilter accounts. This enhances security and protects our users' accounts from unauthorized access. Follow in-app instruction to complete the initial email setup. Change MFA settings from Account Security settings.
Update account multi-factor authentication
Follow these steps to enable (existing account) / update (new accounts) MFA on your DNSFilter account. This process requires access to your chosen MFA app and mobile phone.
- From the DNSFilter dashboard, select your Account icon
- Select Account Settings
- Select Account Settings
- Under Security, select Enable Multi-Factor Authentication
- Select Set up using an app
Continue following the in-dashboard instruction to enable the multi-factor authentication.
Enable organization multi-factor authentication
User accounts with Admin permissions or higher can enable MFA for their users from the DNSFilter dashboard. This feature is not available for new accounts started on or after 1 July 2025 because MFA is enforced at the account level. Organization enforcement is not necessary.
🚨 Important: Setup MFA from your own Account before enabling for the organization. If it is not setup on your account, toggling this switch will immediately log you out of the app and prompt you to setup MFA to access the dashboard.
Once enabled, users are prompted to enable MFA for their account on their next login.
- From the DNSFilter dashboard, select Organization (or MSP)
- Select Settings
- Toggle Require two-factor authentication on
- Users will receive a prompt to enable MFA when they next login
- Users will receive a prompt to enable MFA when they next login
The user's Multi-Factor Auth status will be Pending until they login and complete the MFA setup.
To check a user's status, Navigate to Organization and select Users.
Reset multi-factor authentication
Owners and Admins follow these steps to reset a user's MFA for accounts with org-wide managed MFA enabled.
✍️ An account Owner must submit a Support request for assistance in resetting their own MFA if org-wide management is in place. For accounts started on or after 1 July 2025, MFA resets are managed through the TOTP tool, not DNSFilter.
- From the DNSFilter dashboard, select Organization (or MSP)
- Select Users
- Navigate to the user that requested the reset
- Select the lock icon under Actions
The user's MFA is now reset. They'll receive a prompt to re-authorize their MFA when they next login.
Comments
2 comments
This only works at the user level - not the full MSP admin level (unlock is greyed out)
Nice catch, Tony Hogan : this is a designed feature to prevent an account owner from locking themself out of the account. I see you already engaged out Support team to help reset your 2FA, which is the correct next step: they'll help you complete that task!
I'll add a note for clarification to this article as well—thank you for making our documentation better!
Please sign in to leave a comment.