Skip to main content
All CollectionsUsersUser Management
Why am I asked for an MFA code every login?
Why am I asked for an MFA code every login?
Sean Rolsen avatar
Written by Sean Rolsen
Updated over a week ago

Overview

ThinkReservations understands the importance of maintaining the highest level of security for your account and your guest's data. In 2019, ThinkReservations introduced MFA (Multi-Factor Authentication) and required this security feature in August 2024 due to increased phishing scams. MFA adds an extra layer of protection to your account by requiring you to provide two different forms of identification when you log in: Your account username and password and a code generated by either an authenticator app or text message.

Using MFA only adds a few seconds to your login process, and in exchange, your account is securely protected. This way, security is not compromised for convenience.

We support a way to remember the device, so the code is not required whenever you log in for devices you trust. When you check the box to Remember the device for 30 days, the system attempts to save a "cookie" to that device.

Important Notes:

  • Checking the box attempts to store a cookie on that user/device/browser for 30 days.

    • When you log in, our system won't ask for the code if it can find the cookie.

  • Once you sign in, you can remain signed in for more than 30 days.

  • You won't need to enter your code for 90 days as long as you don't sign out!

Likely Causes

If you check the box, and are asked to verify your identity again less than 30 days, this means the browser you are using cannot find the cookie.

There are several reasons why the browser cannot find the cookie. We've compiled a list in what we feel is the order of most common:

  1. Incognito or In-Private browser mode: When you use these modes, cookies are deleted upon exit or not saved at all. This is the intended behavior when using these modes. On mobile, we have found some clients are using private mode and don't even realize it, so check carefully to see if this could be the case.

  2. Browser Settings: Some browsers have settings that block third-party cookies or all cookies by default. If these settings are enabled, the cookie will not be saved. Each browser has its own settings, so make sure to check for each if you use multiple.

    1. In Google Chrome, this is the 3 menu dots > Settings > Privacy and Security > Third-party Cookies. Select "Allow third-party cookies" or "Block third-party bookies in Incognito mode". This page is located here: chrome://settings/cookies

  3. Automatic Cookie Deletion: Some browsers or operating systems may be set to automatically delete cookies after a session ends, even if not in incognito mode.

    1. In Google Chrome, ensure data can be saved to your computer. Click the 3 dots menu > Settings > Privacy and Security > Site Settings > Additional content settings (click to expand) > On-device site data > select "Allow sites to save data onto your device". This page is located here: chrome://settings/content/siteData

  4. Browser Extensions: Certain privacy-focused browser extensions, such as Ad Blockers or anti-tracking tools, often interfere with cookie storage by blocking or automatically deleting cookies. These are very popular and sometimes run in the background and you may not know they are running.

  5. Security Software: Antivirus or security software can block or delete cookies as part of their privacy protection features. Check to see if your software has any web features, and if you can add ThinkReservations to a whitelist.

  6. User, Device, or Browser Issues: If you are switching between devices or using a different browser or operating system, the cookie will not be available, as this cookie is user, device, and browser-specific. When you check the box to remember you for 30 days, that is for that user, on that browser installation, on that particular device.

    1. If cookies are deleted in Google Chrome, they are deleted from other devices signed into and using Google Chrome at the same time. For example, if you delete cookies on Chrome on your mobile phone, they will also be deleted from your laptop or desktop computer.

  7. Browser Update or Reset: Sometimes, after a browser update or a reset, stored cookies can be cleared or invalidated, causing the "remember me" feature to stop working.

  8. Time/Date Misconfiguration: If the computer is set with an incorrect date or time --or time zone, it can cause issues, preventing the "remember me" functionality from working as intended. It also can cause issues with authenticator apps because the code is valid only for 1 minute, so the time on the the device running the authenticator app has to match the time on our servers.

  9. Quota Limits for Cookies: Browsers have a limit on the number of cookies or the total storage size for cookies per domain. If these limits are exceeded, new cookies will not be saved. This is less likely as typically it's the older cookies that get deleted, but if not configured that way, it could cause your issue.

  10. Conflicting software on the device: Some users have reported that cookies were not being stored due to an official Bing Wallpaper (a reputable official app from Microsoft). Although odd, sometimes seemingly unrelated software can cause issues like this.

Troubleshooting and Testing

Make sure you are not using private browsing or incognito mode for these tests!

Test if the cookie will save in the same session (meaning don't close the browser down, just log out and log back in.)

  • If it remembers you, the cookie successfully saved for that session. This means that cookies are properly being created, saved, and remembered.

  • If it does not remember you, then something is blocking the cookie from being stored, like a setting, extension, or antivirus software.

Test if the cookie will save for the same user, browser, and device. Log out and then full close the browser down, but don't reboot the device. Reopen the browser and attempt to log in.

  • If it remembers you, the cookie is successfully saved for that user, browser, and device.

  • If you are prompted with MFA, then that means something is deleting the cookie once you close the browser such as a setting on your browser or antivirus software.

Test if you experience this using an alternate browser.

  1. If it remembers you, then you know the issue is related to a setting or extension with the other browser. Check your settings and extensions carefully now that you have narrowed down the problem.

  2. If it doesn't remember you, then it could still be an extension on the other browser if you have them installed. Outside of an extension, it could be related to software outside the browser, such as your antivirus software. Something also cold be happening if you shut your computer down every day.

Test in Incognito - Finally, you can test in Private browsing or Incognito mode if you change your settings to "Allow 3rd party cookies in incognito". This test allows you to help rule out if an extension might be causing a conflict.

We also recommend testing with other devices and browsers to use the process of elimination to see why this problem is occurring for you.

Did this answer your question?