Authentication & MFA
Protect your QuivaWorks account with multi-factor authentication (MFA) and modern passkey technology.Why Enable MFA?
Security
Adds an additional layer of protection beyond passwords
Compliance
Meet security requirements for regulated industries
Account Recovery
Receive recovery codes for emergency access
Peace of Mind
Sleep better knowing your account is secure
Setting Up Multi-Factor Authentication
- Passkey (Recommended)
- Authenticator App
Passkeys provide passwordless authentication using biometrics or device PINs.
1
Navigate to Settings
Click your profile icon → “Settings” → “Password and Authentication”
2
Add Passkey
Click “Add Passkey”
3
Complete Setup
Follow your device’s prompts:
- Touch/Face ID on mobile
- Windows Hello on PC
- Touch ID on Mac
- Security key (YubiKey, etc.)
4
Save Recovery Codes
Store your recovery codes securely
Passkeys are:
- More secure than passwords
- Resistant to phishing
- Faster to use
- Backed by FIDO2 standard
Recovery Codes
Recovery codes provide emergency access if you lose your MFA device.Characteristics of Recovery Codes
- Each code can only be used once
- You receive 10 codes when enabling MFA
- Generate new codes if you run out
- Old codes become invalid when new ones are issued
Viewing Your Recovery Codes
- Click your profile icon → “Settings”
- Navigate to “Password and Authentication”
- Scroll to recovery codes section
- Click “View”
Using a Recovery Code
- On the MFA challenge screen, click “Use recovery code instead”
- Enter one of your recovery codes
- Click “Verify”
- Important: Generate new recovery codes immediately after using one
If you’ve used all recovery codes, contact an Admin to issue new ones.
Password Management
Password Requirements
Your password must contain:- Minimum 8 characters
- At least one uppercase letter
- At least one lowercase letter
- At least one number
- At least one special character (!@#$%^&*)
Changing Your Password
- Click your profile icon → “Settings”
- Navigate to “Credentials”
- Enter your current password
- Enter your new password
- Confirm your new password
- Click “Update Password”
All active sessions will be terminated except your current one. You’ll receive an email notification confirming the password change.
Forgot Your Password?
1
Initiate Recovery
- Visit https://app.quiva.ai/en/login
- Click “Forgot password?”
- Enter your account name and email
- Click “Send Recovery Email”
2
Check Your Email
Look for “Reset Your QuivaWorks Password” email with:
- Password reset link (recommended), or
- Temporary recovery code
3
Reset Password
- Click the reset link or enter the code
- Create a new password meeting requirements
- Confirm your new password
- Click “Reset Password”
4
Log In
You’ll be logged in automatically. All other sessions are terminated.
Security Notifications
You’ll receive email notifications for these authentication events:Password Changed
When your password is updated
Email Change Requested
When someone requests an email change
Passkey Added
When a new passkey is registered
Recovery Codes Viewed
When recovery codes are accessed
Best Practices
Use Unique Passwords
Use Unique Passwords
Never reuse passwords across different services. Use a password manager to track unique passwords for each account.
Enable MFA Immediately
Enable MFA Immediately
Set up MFA as soon as you create your account. Don’t wait until a security incident occurs.
Store Recovery Codes Securely
Store Recovery Codes Securely
Keep recovery codes in a password manager or physical safe. Never store them in email or unencrypted notes.
Prefer Passkeys
Prefer Passkeys
Passkeys are more secure and convenient than authenticator apps. Use them when available.
Review Sessions Regularly
Review Sessions Regularly
Check your active sessions monthly and terminate any you don’t recognize.
Rotate Passwords Periodically
Rotate Passwords Periodically
Change your password every 60-90 days, especially for privileged accounts.
Troubleshooting
Lost access to MFA device
Lost access to MFA device
- Use a recovery code to log in
- Immediately set up a new MFA method
- Generate new recovery codes
- If you’ve lost recovery codes too, contact an Admin
Authenticator app not working
Authenticator app not working
- Check your device’s time is synced correctly
- Ensure you’re using the latest code (refreshes every 30 seconds)
- Try removing and re-adding the account in your app
- Use a recovery code if the issue persists
Passkey not recognized
Passkey not recognized
- Ensure your device/browser supports passkeys
- Try registering a backup passkey on another device
- Clear browser cache if using a browser-based passkey
- Use authenticator app or recovery code as fallback
Didn't receive password reset email
Didn't receive password reset email
- Check spam/junk folder
- Verify you entered the correct account name and email
- Wait 5 minutes (email delivery can be delayed)
- Try requesting another reset email