At Alvys, security is one of our top priorities. We already apply industry-standard, commercially reasonable security controls, and as part of our ongoing commitment to go above and beyond, we are rolling out multi-factor authentication (MFA) across the platform.
MFA provides an additional layer of protection for your account by requiring something you know (your password) plus something you have (such as a code, app, or biometric verification).
📅 Rollout Timeline
Here’s what you can expect:
Saturday, Sept 27, 2025 (after 12:00 PM UTC)
We will begin enabling adaptive MFA powered by AI-driven risk detection. This system continuously analyzes login activity to determine whether MFA is needed, based on signals such as:
New or unrecognized devices
Location anomalies (e.g. impossible travel between logins)
Untrusted or suspicious IP addresses
Throughout October 2025
Adaptive MFA will expand to more accounts in phases. If your account is included, you’ll be prompted to set up MFA when you log in.
End of October 2025
MFA becomes required for all users. Every account must have MFA configured to log in.
⚙️ How Multi-Factor Authentication (MFA) Works
Log in with your username and password.
You’ll be prompted to set up MFA.
Choose at least one of the following methods:
Authenticator App (Google Authenticator, Authy, Microsoft Authenticator, 1Password, etc.)
Phone (SMS code)* - Only available in a limited number of countries.
Security Key (YubiKey, Feitian, or another FIDO2/WebAuthn device)
👉 We recommend setting up more than one method so you always have a backup.
📌 Setting Up MFA
We recommend setting up more than one method to avoid being locked out if you lose a phone or device.
Option 1: Authenticator App (Recommended)
Select Authenticator App when prompted.
Download an app (Google Authenticator, Authy, Microsoft Authenticator, 1Password, etc.).
Scan the QR code in Alvys (or enter the code manually).
The app will start generating 6-digit codes every 30 seconds.
Enter the code in Alvys to complete setup.
✅ Next time you log in, just open your app and enter the code.
Option 2: Phone (SMS)
Select Phone (SMS) when prompted.
Enter your mobile number.
You’ll receive a 6-digit code via text message.
Enter the code in Alvys to complete setup.
📌 Note: SMS is less secure than an authenticator app and is only available in the supported countries listed below. We recommend using it as a backup method.
Option 3: Security Key
Select Security Key when prompted.
Insert or tap your hardware key (YubiKey, Feitian, etc.).
Follow the on-screen instructions.
✅ Next time you log in, just use your key to verify.
❓ Frequently Asked Questions (FAQ)
Q: Do I need to enable MFA right away?
A: Not immediately. MFA will be introduced in phases beginning Sept 27, and will become required for all users by the end of October.
Q: What if I travel frequently — will MFA block me from logging in?
A: No, you’ll still be able to log in. If you travel often, our adaptive MFA system may prompt you more frequently since it detects logins from new or unusual locations. Once you’ve set up MFA, you can always complete the login by entering your code or using your chosen method. It may add an extra step while on the road, but it will not prevent you from accessing your account.
Q: What happens if I don’t set up MFA?
A: You will not be able to access your Alvys account once MFA enforcement is complete at the end of October.
Q: Can I set up more than one MFA method?
A: Yes, we recommend setting up at least two methods (e.g., Authenticator App + SMS) for backup access.
Q: What if I lose my phone or security key?
A: Use another MFA method you’ve configured. If none are available, contact Alvys Support to regain access.
Q: Will MFA be required every time I log in?
A: Not necessarily. With adaptive MFA, you’ll be prompted when certain risk conditions are detected — for example, logging in from a new device, a new location, or an untrusted network. If you log in regularly from a recognized device and location, you may not be asked for MFA every time. Once MFA is fully enforced for all users, you can still expect fewer prompts on trusted devices, but MFA will remain part of the login flow when risk signals are present.
Q: Can service accounts use MFA?
A: MFA is designed for human user logins, not shared or service accounts. Service accounts should be limited strictly to integrations and automations that cannot use a standard user login. For these cases, we recommend securing the credentials with a third-party password management tool that supports 2FA codes (such as Keeper, 1Password, or similar). All other users should log in with their own individual credentials and configure MFA.
Q: What should I do if I didn’t receive the SMS code?
A: First, confirm that SMS authentication is supported in your country. SMS-based MFA is only available in the following countries:
Afghanistan, Bosnia and Herzegovina, Bulgaria, Canada, Colombia, Egypt, Germany, India, Ireland, Jamaica, Lithuania, Mexico, Moldova, Morocco, Netherlands, North Macedonia, Norway, Philippines, Poland, Serbia, Spain, Turkey, Ukraine, United Kingdom, United States, Uzbekistan.
If you’re in one of these countries, check that you have mobile coverage and click Resend Code to trigger a new message. Some carriers may delay delivery — if the problem persists, try setting up and using an authenticator app instead.
Q: What if my authenticator app isn’t working?
A: This is often caused by time synchronization issues. Make sure your phone’s date and time are set to automatic. If issues continue, try removing and re-adding your Alvys account in the authenticator app.
Q: What if I lost my phone or security key?
A: If you set up multiple MFA methods, you can use a backup method to log in. If you cannot log in at all, please contact Alvys Support to reset your MFA.
Q: What should I do if I’m completely locked out of my account?
A: Contact Alvys Support through the in-app messenger or at [email protected] for assistance.