> For the complete documentation index, see [llms.txt](https://docs.cybus.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.cybus.io/1-7-2/documentation/configuration/mfa-configuration.md). # MFA Configuration Required configuration to enable the MFA feature. When configuring Multi-Factor Authentication (MFA) features, especially in systems that involve user authentication and data protection, encryption and salting mechanisms are critical. Two environment values are required: a secret and a salt. Both work in tandem to maintain the integrity, confidentiality, and robustness of the MFA feature, ensuring that users' authentication processes are both secure and trustworthy. * **CYBUS\_MFA\_ENABLED**: when set to 'true', the MFA feature will be enabled in general. When set to 'false', the MFA feature is disabled. * **CYBUS\_MFA\_ENCRYPTION\_SECRET**: the key for MFA encryption * **CYBUS\_MFA\_ENCRYPTION\_SALT**: the salt as extra layer of randomness for MFA encryption * **CYBUS\_MFA\_MAX\_INVALID\_OTPS\_PER\_USER**: (optional) maximum number of invalid OTPs a user can enter during the MFA login flow before the account gets temporarily deactivated * **CYBUS\_MFA\_BAN\_DURATION\_MINUTES**: (optional) duration in minutes for temporarily user account deactivation after failing multiple times entering invalid OTPs during MFA login flow {% hint style="warning" %} Keep in mind that the combination of **CYBUS\_MFA\_ENCRYPTION\_SECRET** and **CYBUS\_MFA\_ENCRYPTION\_SALT** ensures the cryptographic robustness of 2FA tokens, making them both safe and distinct. If these values are compromised, it would expose the system to potential unauthorized access and breaches. By modifying these values, previously generated 2FA secrets became undecipherable. As a consequence, users with 2FA enabled would be unable to log in anymore. {% endhint %} Example configuration: ``` CYBUS_MFA_ENABLED=true CYBUS_MFA_ENCRYPTION_SECRET=18473274-5073-11ee-be56-0242ac120002 CYBUS_MFA_ENCRYPTION_SALT=229c75c2-5073-11ee-be56-0242ac120002 ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.cybus.io/1-7-2/documentation/configuration/mfa-configuration.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.