As a user in Control Center, you are automatically set up with email verification as your multi-factor authentication (MFA). You can add additional methods for MFA from the Manage authentication option in your Profile menu. You can add an authenticator app, a passkey, or both. You can also remove methods (at least one is required) and rename the MFA options.

Add an MFA method

The three types of MFA allowed for Control Center are:

• Email—This is the default option for all users.
• Authenticator App—Use a Time-based One-Time Password (TOTP) authenticator app of your choice, such as Google Authenticator or Microsoft Authenticator, to access your account with the added security of multi-factor authentication.
• Passkey—Use your passkey device to authenticate.

If you define more than one method, you will see the choice of authentication methods when you log in.

📘

Pismo recommends that once you add a more secure MFA method, you should remove the email verification method from your authentication list. Refer to Remove an authentication method for details.

Add an Authenticator app

You can add any TOTP authenticator application, such as Google Authenticator or Microsoft Authenticator, to access your Control Center account. To do this, you need to first download the authenticator application and then register or pair it with your account. Pairing creates a trust between your authenticator application and your account so that you can use it to authenticate when you log in.

To add an authenticator application as a log in authentication option:

1. Download the authenticator application of your choice to your mobile device.
2. Log into Control Center and on your profile menu, select Manage authentication. You can view the profile menu from the profile icon (the person) in the top-right corner of the header.
3. On the Authentication screen, select Add Method.
4. On the Select Method pop-up pane, select Authenticator App. An Authenticator App pairing pane displays with a pairing QR code.
5. Scan the QR code with the authenticator application and enter the code.
6. Select Finish. Your authenticator application is now paired with your account and it will display in the authenticator as Pismo Control Center: username.
   • You will receive an email to the email address associated with your Control Center user with the subject "New authentication device added". No action is needed as it is just a confirmation that you have added an authenticator application to your account.
   • The next time you log in to Control Center, you will see the authentication option Authenticator app. You can change this option name, if you'd like.

Add a passkey

A passkey is a Fast Identity Online (FIDO2) authentication method that allows you to log in to applications and websites with the same method you use to unlock your device, such as biometrics, PIN, or pattern. Passkeys are strong, password-less secondary authentication using public key cryptography credentials.

Passkeys are considered the most secure of the three authentication methods for Control Center. There are a number of benefits of using FIDO2 passkeys:

• Stronger security—Passkeys are considered significantly resistant to phishing attacks.
• Improved user experience—Passkeys are a more convenient and streamlined option for MFA authentication.
• Standardized and interoperable—FIDO2 is an open standard that allows for interoperability between devices and platforms.

To add a passkey as a log in authentication option:

1. Log into Control Center and on your profile menu, select Manage authentication. You can view the profile menu from the profile icon (the person) in the top-right corner of the header.
2. On the Authentication screen, select Add Method.
3. On the Select Method pop-up pane, select Passkey.
4. On the Create a passkey prompt pop-up, select Continue.
5. You device will display a prompt for you to select the passkey option available on your device (fingerprint, password, etc.). Select one. A confirmation message is briefly displayed to indicate you have added a passkey and it is listed in the authentication methods list.

Your passkey is now associated with your account. This passkey is only saved on the device on which you created it.

• You will receive an email to the email address associated with your Control Center user with the subject "New authentication device added". No action is needed as it is just a confirmation that you have added a FIDO2 passkey to your account.
• The next time you log in to Control Center, you will see the authentication option Passkey. You can change this option name, if you'd like.

Rename an authentication method

You have the option to rename an authentication method. For example, you can change the default "Authenticator app" to the name of the specific application, such as "Google Authenticator".

To rename an existing authentication method from your authentication list:

1. On your profile menu, select Manage authentication. You can view the profile menu from the profile icon (the person) in the top-right corner of the header.
2. On the Authentication screen, select the More actions menu next to the method you want to rename and select Edit name.
3. Enter the new name and select the checkmark. A success message briefly displays and the new name is displayed in the authentication methods list.

Remove an authentication method

You can, at any time, remove an authentication method from your profile. However, at least one method is required. Therefore, if you currently only have one authentication option, you must add another before you can remove the first one.

To remove an existing authentication method from your authentication list:

1. On your profile menu, select Manage authentication.
2. On the Authentication screen, select the More actions menu next to the method you want to delete and select Remove.
3. Select Remove at the confirmation prompt. A success message briefly displays and the selected method is immediately removed from the authentication methods list.