Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) adds an extra security layer to your OpenCVE account. In addition to your password, you must confirm each login with a one-time code (OTP).

This is important for companies as it helps protect sensitive vulnerability data, even if a password is leaked or reused.

Enable MFA on your account

To enable MFA, go to your account settings page: https://app.opencve.io/settings/2fa/

On this page:

  1. Click Activate.
  2. Scan the QR code with your authenticator app.
  3. Enter the OTP code shown by your app.
  4. Confirm activation.

Once MFA is enabled, each new login requires a one-time code (OTP) from your authenticator app.

MFA Enforcement for organizations

Enterprise Cloud only

MFA Enforcement is available only on the Enterprise plan of the OpenCVE.io Cloud offering.

Organization owners can enforce MFA for all members of their organization.

To enable it:

  1. Go to your organization settings.
  2. Open the General tab.
  3. In the MFA Enforcement section, enable Require MFA for all members.
  4. Save your changes.

After MFA Enforcement is enabled, users who have not activated MFA can no longer browse OpenCVE pages. They are automatically redirected to the MFA activation page until MFA is enabled on their account.