This guide describes the procedure for signing in to an IUSign account when Multi-Factor Authentication (MFA) has been enabled.
Prerequisites
- Active IUSign account with Multi-Factor Authentication (MFA) enabled.
- Mobile device with a synchronized TOTP (Time-based One-Time Password) application.
- Access to secure recovery codes (for emergency bypass).
Strategic Overview
When MFA is active, the IUSign authentication protocol requires the successful validation of two distinct identity factors. This possession-based verification (the TOTP code from your mobile device) ensures that even if your primary credentials (Password) are compromised, your account remains secure. This protocol is a fundamental component of the IUSign Zero-Persistence security model.
Implementation Sequence
1. Primary Identity Handshake
Access the IUSign login gateway and provide your registered email address and security credential. Upon successful primary validation, the platform will automatically issue an MFA challenge.
2. Retrieval of the Cryptographic Code
Open the TOTP authenticator application on your mobile device (e.g., Google Authenticator) and locate the entry for IUSign.
[!NOTE] TOTP codes are ephemeral and regenerate every 30 seconds. Ensure you utilize the code currently displayed on your screen before the temporal window expires to avoid a verification mismatch.
3. Second-Factor Verification
Input the 6-digit verification code into the platform's challenge interface and select Verify & Login. Upon successful cryptographic matching, the system authorizes the session and issues a secure JWT.
Session Persistence and Trusted Devices
The platform allows for the designation of "Trusted Devices" to optimize the user experience without compromising overall security posture:
- Trust Duration: You may select Remember this device for 30 days to suppress the MFA challenge on the current browser for one month.
- Cryptographic Anchoring: This persistence is anchored to a secure, encrypted cookie on your local machine. Clearing browser cache or cookies will re-initialize the MFA requirement for that device.
[!CAUTION] Never enable device trust on public, shared, or non-managed hardware. This feature should be reserved exclusively for verified corporate or personal devices under your direct control.
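How a 30-day device-trust cookie can be anchored and checked, as an added example rather than IUSign's implementation: the cookie carries the user, a device identifier and an expiry, signed with a server-side HMAC key, and the login path re-issues the MFA challenge whenever the cookie is absent (cleared), tampered with, bound to another user or device, or expired. The signing key, the JSON claim names and the `device_id` value are assumptions for the demo; the guide says the real cookie is encrypted, and a signed token is used here only to show the anchoring and expiry logic.

```python
import base64
import hashlib
import hmac
import json

TRUST_DAYS = 30   # "Remember this device for 30 days"

# Assumption: server-side secret used to sign the trust cookie; constructed for the demo.
DEMO_SERVER_KEY = b"constructed-demo-signing-key"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_trust_cookie(user_id: str, device_id: str, now: int,
                       key: bytes = DEMO_SERVER_KEY, days: int = TRUST_DAYS) -> str:
    """Cookie value to set after a successful MFA login when the user ticks 'remember'."""
    claims = {"uid": user_id, "dev": device_id, "exp": int(now) + days * 86400}
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return f"{_b64url(payload)}.{_b64url(sig)}"


def mfa_required(cookie_value: str, user_id: str, device_id: str, now: int,
                 key: bytes = DEMO_SERVER_KEY) -> bool:
    """True when the login must issue the MFA challenge; False while device trust holds."""
    if not cookie_value:                       # cookie cleared or never set
        return True
    try:
        payload_b64, sig_b64 = cookie_value.split(".", 1)
        payload, sig = _unb64url(payload_b64), _unb64url(sig_b64)
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return True                        # tampered or foreign cookie
        claims = json.loads(payload)
    except ValueError:                         # missing dot, bad base64 or bad JSON
        return True
    if claims.get("uid") != user_id or claims.get("dev") != device_id:
        return True                            # cookie belongs to another user or device
    return int(now) >= int(claims.get("exp", 0))   # expired after the 30 days
```

The `device_id` would be a random identifier the server generated when trust was first granted, so a cookie copied to another browser cannot satisfy the check; the signature check runs before any claim is read, so nothing in an unsigned cookie is ever trusted.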
Emergency Recovery Protocol
In the event of a lost or inaccessible MFA device, utilize the following restoration sequence:
- On the MFA challenge interface, select Use Recovery Code.
- Input one of your previously saved 8-character recovery codes (e.g., ABCD-1234).
- Select Verify.
[!IMPORTANT] Recovery codes are single-use assets. Once a code is utilized, it is immediately decommissioned. It is recommended to regenerate your recovery codes if your inventory falls below three active codes.
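The single-use behaviour and the "fewer than three left" warning described above, as an added example that is not IUSign's code: recovery codes are generated in the ABCD-1234 layout from a cryptographic random source, only keyed hashes are stored, a redeemed code is removed so it can never be accepted again, and the store reports when the inventory has dropped below the regeneration threshold. The pepper value, the class and function names, and the threshold constant are this example's assumptions.

```python
import hashlib
import hmac
import secrets
import string

CODE_ALPHABET = string.ascii_uppercase + string.digits
CODE_LENGTH = 8               # 8-character codes, displayed as XXXX-XXXX
REGENERATE_THRESHOLD = 3      # warn when fewer than three codes remain


def generate_recovery_codes(count: int = 10) -> list:
    """Plaintext codes shown to the user once at generation time (ABCD-1234 layout)."""
    codes = []
    for _ in range(count):
        raw = "".join(secrets.choice(CODE_ALPHABET) for _ in range(CODE_LENGTH))
        codes.append(f"{raw[:4]}-{raw[4:]}")
    return codes


def normalize_code(code: str) -> str:
    """Accept the code as the user types it: hyphens, spaces and case are ignored."""
    return code.strip().upper().replace("-", "").replace(" ", "")


def hash_code(code: str, pepper: bytes) -> str:
    """Keyed hash so a leaked store does not reveal usable codes."""
    return hmac.new(pepper, normalize_code(code).encode("ascii"), hashlib.sha256).hexdigest()


class RecoveryCodeStore:
    """Server-side inventory of unused recovery codes for one account."""

    def __init__(self, plaintext_codes: list, pepper: bytes):
        self._pepper = pepper                 # assumption: per-deployment secret, not stored with hashes
        self._unused = {hash_code(c, pepper) for c in plaintext_codes}

    def remaining(self) -> int:
        return len(self._unused)

    def needs_regeneration(self) -> bool:
        """Mirror of the guide's advice: regenerate once fewer than three codes are active."""
        return self.remaining() < REGENERATE_THRESHOLD

    def redeem(self, submitted: str) -> bool:
        """Consume a code: True once for a valid code, False for unknown or already-used codes."""
        digest = hash_code(submitted, self._pepper)
        for stored in list(self._unused):
            if hmac.compare_digest(stored, digest):
                self._unused.remove(stored)   # single-use: decommissioned immediately
                return True
        return False


if __name__ == "__main__":
    codes = generate_recovery_codes()
    store = RecoveryCodeStore(codes, pepper=b"constructed-demo-pepper")
    print("first use:", store.redeem(codes[0]), "second use:", store.redeem(codes[0]))
    print("remaining:", store.remaining(), "regenerate:", store.needs_regeneration())
```

Redemption attempts should also be rate-limited and logged like any other second-factor failure; the store above only shows the single-use and inventory logic.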
Diagnostic and Resolution Protocols
| System Exception | Probable Cause | Resolution Protocol |
|---|---|---|
| Invalid verification code | Temporal desynchronization | Ensure your mobile device clock is synchronized via NTP (Network Time Protocol). |
| MFA challenge loop | Cookie corruption | Clear browser cookies and restart the primary authentication sequence. |
| Verification timeout | Network latency | Ensure a stable connection and input the code immediately upon generation. |