Enabling multi-factor authentication
Add an extra layer of security to your Rezi account with MFA to protect against unauthorized access.
Multi-factor authentication (MFA) requires a second form of verification in addition to your password when you log in. Even if your password is stolen or guessed, an attacker cannot access your account without also having your second factor. Given that Rezi contains sensitive guest data, financial records, and communication systems, enabling MFA is strongly recommended for all team members.
Rezi supports two types of MFA: authenticator app (TOTP, time-based one-time passwords) and SMS verification. The authenticator app option is more secure because it does not rely on SMS delivery and is not susceptible to SIM-swapping attacks. Use an authenticator app (Google Authenticator, Authy, 1Password) if possible.
Enabling MFA with an authenticator app
1. Go to Settings > Account > Security
2. Click Enable multi-factor authentication
3. Select Authenticator app
4. Open your authenticator app and scan the QR code displayed
5. Enter the 6-digit code from the authenticator app to verify
6. Save your backup codes in a safe place (these are your recovery method if you lose the authenticator app)
7. MFA is now enabled; you will be prompted for a code on each new login
Backup codes are single-use emergency codes that let you access your account if you lose access to your authenticator app. Rezi provides 10 backup codes when you set up MFA. Store them somewhere secure and offline: in a password manager, printed and locked away, or in a secure document. Each backup code can only be used once; regenerate your codes after using one.
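How a 6-digit authenticator-app code and single-use backup codes can be checked on the server side, shown as an added example that is not Rezi's code. It assumes the RFC 6238 defaults most authenticator apps use (HMAC-SHA1, 30-second step), a one-step clock-drift window, and a hypothetical backup-code format; all function names are illustrative.

```python
import hashlib
import hmac
import secrets
import struct
import time


def totp(secret: bytes, at: float, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 code for the time step containing `at` (HMAC-SHA1)."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_totp(secret: bytes, code: str, at: float,
                drift: int = 1, step: int = 30) -> bool:
    """Accept the current step plus `drift` steps either side (assumed policy)."""
    times = [at + i * step for i in range(-drift, drift + 1) if at + i * step >= 0]
    return any(
        hmac.compare_digest(totp(secret, t, step=step).encode(), code.encode())
        for t in times
    )


def new_backup_codes(count: int = 10) -> tuple[list[str], set[str]]:
    """Return (codes shown to the user once, hashes kept server-side)."""
    codes = [secrets.token_hex(8) for _ in range(count)]  # hypothetical format
    return codes, {hashlib.sha256(c.encode()).hexdigest() for c in codes}


def redeem_backup_code(stored: set[str], code: str) -> bool:
    """Single use: a matching hash is removed, so a replayed code fails."""
    digest = hashlib.sha256(code.strip().lower().encode()).hexdigest()
    if digest in stored:
        stored.remove(digest)
        return True
    return False


if __name__ == "__main__":
    secret = secrets.token_bytes(20)  # constructed; normally carried in the QR code
    now = time.time()
    print("TOTP accepted:", verify_totp(secret, totp(secret, now), now))
    codes, stored = new_backup_codes()
    print("first use:", redeem_backup_code(stored, codes[0]))
    print("second use:", redeem_backup_code(stored, codes[0]))
```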
Enabling MFA with SMS
If you cannot or prefer not to use an authenticator app, SMS-based MFA sends a one-time code to your registered phone number each time you log in from a new device or session. Enable it from Settings > Account > Security > Enable MFA > SMS verification. Enter your phone number and verify it with a test code before the setting is saved.
SMS-based MFA is less secure than authenticator app MFA. Attackers can intercept SMS codes through SIM-swapping (convincing your carrier to transfer your number to a new SIM) or SS7 network attacks. If you are particularly concerned about account security (e.g., you manage high-value properties), use an authenticator app.
Requiring MFA for your team
Account Owners can require MFA for all team members in Settings > Team > Security > Require MFA. When enabled, team members who have not set up MFA are prompted to do so on their next login. They cannot access the dashboard until MFA is configured. This is recommended for any team where multiple people have access to sensitive guest data.
Recovering access if you lose your MFA device
If you lose access to your authenticator app and do not have backup codes, contact support@rezi-ai.com for account recovery. The recovery process requires identity verification and can take 24-48 hours. This is why saving backup codes when setting up MFA is critical; the emergency code process is intentionally slow to protect against social engineering attacks.
Does MFA apply every time I log in or only sometimes?
Can I disable MFA after enabling it?
What happens if a team member loses their MFA device?