Multi-factor authentication (MFA) is widely used by businesses and continues to be one of the simplest and most secure ways to access your work online. Lightspeed uses MFA to add an extra layer of security to a user's account to prevent unauthorized access. Using MFA reduces the risk of fraud and identity theft and protects businesses from attacks that may compromise data.
MFA requires the user to input their existing password. Then, with a second authentication factor enabled, they will enter a six-digit, time-based, one-time passcode (OTP) generated by an authorized third-party authentication application. This passcode expires after 30 seconds and a new one is generated.
Recommended authenticator apps
We recommend using Google Authenticator, Microsoft Authenticator, or OneLogin Protect.
Setting up MFA for users
Each user will need to enable MFA for their account. MFA can't be enabled by location or by business.
Once setup is completed, authenticator details and factors can be accessed by clicking Manage your MFA settings.
- Log in to Restaurant Manager with your Lightspeed Restaurant credentials.
- Click Manage your MFA settings.
- Click Enable.
- Download a supported authenticator app on your mobile device and click Continue in the Enable app authentication pop-up.
- In the authenticator app, scan the QR code to pair your mobile device. Enter the code provided by the authenticator app.
  Lightspeed can't restore access to accounts with two-factor authentication enabled. Ensure your codes are saved in a safe place to avoid locking yourself out of your account.
- Click Pair device.
- Click Copy codes to save them to the clipboard, or click Download my codes to download the codes as a text file.
- Click I saved my codes when finished.
Logging in to Lightspeed products with MFA
Once MFA is set up, users can log in with the authentication code in the chosen authenticator app.
- Log in to Restaurant Manager with your Lightspeed Restaurant credentials.
- At the authentication screen, enter the authentication code from your authentication app. Each code is valid for 30-60 seconds, depending on the authenticator app’s settings.
- (Optional) Select the checkbox next to Remember me on this device for 30 days to skip the MFA process for the next 30 days.
- Click Log in.
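
The six-digit, 30-second passcode and the 30-60 second validity window described above, shown as an added example (not Lightspeed's code): RFC 6238 TOTP generation plus a verifier that tolerates one adjacent time step and refuses reuse. HMAC-SHA1, the one-step skew window and the replay check are assumptions about a typical server, and the secret is the RFC 6238 test key, used here as constructed sample data.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated on this page
DIGITS = 6   # six-digit passcode, as stated on this page


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP using HMAC-SHA1 (assumed; the common authenticator default)."""
    key = base64.b32decode(secret_b32.upper())
    counter = int(unix_time) // step              # number of elapsed time steps
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, code, unix_time, last_used_counter=None, skew_steps=1):
    """Return the matched time-step counter, or None if the code is rejected.

    skew_steps=1 is an assumed policy: accepting the previous and next step
    absorbs clock drift, which is why a code can work for up to ~60 seconds.
    last_used_counter lets the caller reject a code that was already accepted.
    """
    now = int(unix_time) // STEP
    for counter in range(now - skew_steps, now + skew_steps + 1):
        if last_used_counter is not None and counter <= last_used_counter:
            continue                              # replay of a used step
        expected = totp(secret_b32, counter * STEP)
        if hmac.compare_digest(expected, code):   # constant-time comparison
            return counter
    return None


# Constructed sample secret: the RFC 6238 test key, Base32-encoded.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, 59)
    print("code at t=59:", code)
    print("accepted one step later:", verify(SAMPLE_SECRET, code, 89))
    print("accepted two steps later:", verify(SAMPLE_SECRET, code, 120))
    print("replayed after use:", verify(SAMPLE_SECRET, code, 59, last_used_counter=1))
```

A server that stores the returned counter per user and passes it back as `last_used_counter` turns each code into a true one-time value, even inside its validity window.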
Using recovery codes with MFA
Recovery codes are the primary resource for account recovery should an account holder lose access to their authorized device or the authentication app. The first avenue for recovering an account with two-factor authentication enabled is using the recovery codes you saved during the setup process. Ensure these are saved in a secure location that is only accessible by the account holder.
There are three codes in total. Once a code is used, it becomes invalid, and you'll need to use another code on the list next time. Once they’ve all been used, you can generate new codes under your MFA settings.
Generating new recovery codes will invalidate all previously generated recovery codes.
- Log in to Restaurant Manager with your Lightspeed Restaurant credentials.
- Click Manage your MFA settings.
- Click Generate new recovery codes.
- At the confirmation screen, click Generate new recovery codes.
- Click Copy codes to save them to the clipboard or click Download my codes to download the codes as a text file.
- Click I saved my codes when finished.
Pausing and resuming an authentication factor
To temporarily stop using an authenticator app, you can pause it on the MFA settings page. You will first need to log in using an authentication code or a recovery code.
- Log in to Restaurant Manager with your Lightspeed Restaurant credentials.
- Click Manage your MFA settings.
- Click Pause.
MFA at login will be disabled until you resume it.
To restart authentication:
- Log in to Restaurant Manager with your Lightspeed Restaurant credentials.
- Click Manage your MFA settings.
- Click Resume.
Removing an authentication factor
If you lose access to your authenticator app, you can remove an authentication factor on the MFA settings page. You will first need to log in using an authentication code or a recovery code.
- Log in to Restaurant Manager with your Lightspeed Restaurant credentials.
- Click I can't access my authenticator app.
- Use a recovery code to authenticate your login.
- Click Manage your MFA settings.
- Click the red trashcan icon.
- Click Remove to confirm.
The authentication at login is now permanently disabled. To restore it, you will need to re-enable it as outlined above.
FAQ
- No. MFA adds an extra layer of security on top of your password. You still need to enter your email and password first. Only after you log in with your credentials and verify via an authentication app (like OneLogin) will you gain access to the Restaurant Manager.
- For now, you can only use authentication apps such as Google Authenticator, Microsoft Authenticator, or OneLogin Protect. Alternative authentication methods (e.g., email, SMS, or other options) are not yet supported.
- When submitting the OTP, there's an option to remember the device for 30 days. In a small subset of cases this is ignored and MFA is required for re-entry, notably when attempting to disable MFA.
- Yes, but they will need to contact our Support team. Our Support team has the tools to create a temporary recovery code so the customer can log in and disable or update the MFA. The customer still needs to know their login credentials.
- No, this is only for the Restaurant Manager. We currently have no intention to introduce MFA for the POS.
- No. MFA is user-specific. Each user must enable it individually.