Skip to main content
Skip table of contents

Multi-Factor Authentication (MFA)

Secure your Piano account with an extra layer of protection. Multi-factor authentication (MFA) requires more than just a password to log in – keeping your data safer.

What is MFA?

MFA adds a verification step to your login process. Instead of just entering your password, you'll confirm your identity using a second method – like a code from your phone.

How to enable MFA

MFA is activated at the domain or subdomain level. You'll need to own the domain where you want MFA enabled.

To get started

  1. Contact our Support team – MFA setup isn't available in the interface yet

  2. Confirm you own the domain or subdomain

  3. Choose whether to enable "remember this device for 30 days" (optional)

Supported authentication methods

Piano supports two authentication factors that work together:

  • One-time passwords (OTP) – Generated through an authenticator app like Google Authenticator

  • Recovery codes – Backup codes you can use if you lose access to your authenticator app

Both factors are activated together. You can't enable one without the other.

Setting up MFA for the first time

Once MFA is enabled for your domain, you'll be prompted to enroll the next time you log in.

  1. Enter your email and password

  2. Scan the QR code with your authenticator app

  3. Enter the 6-digit code from your app

  4. Save your recovery codes in a secure location

image-20260209-132702.png

Logging in with MFA

After enrollment, every login requires two steps:

  1. Enter your email and password

  2. Enter the 6-digit code from your authenticator app

If you selected "remember this device," you won't need to enter a code for 30 days on that device.

image-20260209-132724.png

Resetting MFA

Lost your phone or authenticator app? Contact our Support team to reset your MFA settings.

Once we've reset your account, you'll be prompted to set up MFA again at your next login.

Password requirements

Create a strong password with:

  • 8 characters minimum (no maximum)

  • At least one lowercase letter (a-z)

  • At least one uppercase letter (A-Z)

  • At least one number (0-9)

  • At least one special character (!@#$%^&*)

Security note: Your account locks automatically after 10 failed login attempts from the same email and IP address combination.

Pricing

MFA is included at no additional cost.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close