Chat with us, powered by LiveChat

Security & Multi-Factor Authentication

Secure your DrillerDB account with MFA, passkeys, and other security features

Security & Multi-Factor Authentication

DrillerDB provides security controls to protect your account and company data. This guide covers setting up multi-factor authentication (MFA) and managing account security settings.

Quick Start: Enable MFA

  1. Go to Settings > Security
  2. Click Enable Multi-Factor Authentication
  3. Choose method: Authenticator App (recommended) or Passkey
  4. Complete setup verification
  5. Save backup codes securely

Always generate and save backup codes after enabling MFA. These are your only way to recover account access if you lose your phone or authenticator app.

Step-by-Step Workflow

  1. Go to Settings > Security
  2. Click Enable Multi-Factor Authentication
  3. Choose method: Authenticator App (recommended) or Passkey
  4. Complete setup verification
  5. Save backup codes securely

Multi-Factor Authentication (MFA)

MFA adds an extra layer of security beyond your password. Even if someone obtains your password, they can't access your account without the second factor.

Available MFA Methods

DrillerDB supports three MFA methods:

1. Authenticator App (TOTP)

Use an authenticator app like Google Authenticator, Authy, or 1Password to generate time-based one-time passwords.

Setup:

  1. Go to Settings > Security
  2. Click Enable Authenticator App
  3. Scan the QR code with your authenticator app
  4. Enter the 6-digit code from the app to verify
  5. Save your backup codes securely

Benefits:

  • Works offline
  • Compatible with any TOTP authenticator
  • Codes refresh every 30 seconds

2. Passkeys (WebAuthn)

Passkeys provide passwordless authentication using biometrics (fingerprint, face) or hardware security keys.

Setup:

  1. Go to Settings > Security
  2. Click Add Passkey
  3. Follow your browser/device prompts to create a passkey
  4. Name your passkey for identification (e.g., "MacBook Touch ID")

Benefits:

  • Phishing-resistant authentication
  • No codes to enter
  • Works across devices with synced passkeys (iCloud, Google Password Manager)
  • Supports hardware keys like YubiKey

Supported Passkey Types:

  • Touch ID (Mac)
  • Face ID (iPhone/iPad)
  • Windows Hello
  • Android biometrics
  • Hardware security keys (FIDO2)

3. Backup Codes

One-time use codes for emergency account access when other methods aren't available.

Setup:

  1. MFA must be enabled first
  2. Go to Settings > Security
  3. Click Generate Backup Codes
  4. Save or print the 10 codes
  5. Store securely (not on your computer)

Usage:

  • Each code can only be used once
  • Generate new codes anytime (invalidates old codes)
  • Use only when other MFA methods fail

Setting Up MFA

First-Time Setup

  1. Navigate to Settings > Security
  2. Click Enable Multi-Factor Authentication
  3. Choose your primary method (Authenticator App recommended)
  4. Complete the setup verification
  5. Generate and save backup codes

Adding Additional Methods

After enabling MFA, you can add more methods:

  • Multiple passkeys (one per device)
  • Both authenticator app and passkeys for flexibility
  • Backup codes always available as fallback

Requiring MFA for Your Company

Administrators can enforce MFA for all users:

  1. Go to Settings > Security > Company Security
  2. Enable Require MFA for all users
  3. Set grace period for existing users to set up MFA
  4. Users without MFA will be prompted at next login

Signing In with MFA

With Authenticator App

  1. Enter your email and password
  2. Open your authenticator app
  3. Enter the current 6-digit code
  4. Click Verify

With Passkeys

  1. Enter your email
  2. Click Sign in with Passkey
  3. Complete biometric verification (Touch ID, Face ID, etc.)
  4. You're signed in (no password needed)

With Backup Code

  1. Enter your email and password
  2. Click Use backup code below the code field
  3. Enter one of your backup codes
  4. The code is now used and can't be reused

Managing Security Settings

Viewing Active Sessions

See all devices currently signed into your account:

  1. Go to Settings > Security > Active Sessions
  2. View device type, location, and last activity
  3. Click Sign out to end any session remotely

Revoking Passkeys

Remove a passkey if a device is lost or compromised:

  1. Go to Settings > Security > Passkeys
  2. Find the passkey to remove
  3. Click Revoke
  4. The passkey can no longer be used to sign in

Regenerating Backup Codes

If you've used or lost your backup codes:

  1. Go to Settings > Security
  2. Click Regenerate Backup Codes
  3. Old codes are immediately invalidated
  4. Save the new codes securely

Account Recovery

Lost Authenticator Access

If you lose access to your authenticator app:

  1. Use a backup code to sign in
  2. Go to Settings > Security
  3. Disable and re-enable authenticator app
  4. Set up with your new device

Lost All MFA Methods

If you've lost access to all MFA methods:

  1. Contact support@drillerdb.com
  2. Provide account verification information
  3. Support will verify your identity
  4. MFA can be reset after verification

Security Best Practices

For maximum security:

  1. Enable authenticator app as primary method
  2. Add at least one passkey for convenient access
  3. Generate backup codes and store offline
  4. Enable session timeout for automatic logout

Session Lifetime (Current Defaults)

  • Web sessions: 7 days
  • Mobile sessions: 90 days

Password Guidelines

Even with MFA, use strong passwords:

  • Minimum 12 characters
  • Mix of letters, numbers, symbols
  • Don't reuse passwords across sites
  • Consider a password manager

Device Security

Protect devices used to access DrillerDB:

  • Keep devices locked when not in use
  • Enable device encryption
  • Keep software updated
  • Don't access from public computers

Troubleshooting

Authenticator Code Not Working

  • Verify your device's time is correct (codes are time-sensitive)
  • Make sure you're using the right account in your authenticator app
  • Try the next code if current one just expired

Passkey Not Working

  • Ensure your browser supports WebAuthn
  • Try a different browser if issues persist
  • Verify biometric sensors are working
  • Check that passkey wasn't revoked

Locked Out of Account

  • First try backup codes
  • If no backup codes, contact support
  • Have account verification information ready

Support

Security questions or concerns? Contact:

Related Topics