Skip to main content

Why am I asked for an MFA code every login?

Updated this week

Overview

ThinkReservations understands the importance of maintaining the highest level of security for your account and your guests' data. In 2019, ThinkReservations introduced MFA (Multi-Factor Authentication) and required it in August 2024 due to increased phishing scams. MFA adds an extra layer of protection to your account by requiring you to provide two different forms of identification when you log in: Your account username and password, and a code generated by either an authenticator app or text message.

Using MFA only adds a few seconds to your login process, and in exchange, your account is securely protected. This way, security is not compromised for convenience.

We support a way to remember devices, so you don't need to enter the code whenever you log in on devices you trust. When you check the box to Remember the device for 30 days, the system attempts to save a "cookie" to that device.

Important Notes:

  • Checking the box attempts to store a cookie on the user's device/browser for 30 days.

    • When you log in, our system won't ask for the code if it can find the cookie.

  • Once you sign in, you can remain signed in for more than 30 days.

  • You won't need to enter your code for 90 days as long as you don't sign out!

Likely Causes

If you check the box and are asked to verify your identity again within 30 days, it means the browser you are using cannot find the cookie.

There are several reasons why the browser cannot find the cookie. We've compiled a list of what we feel is the order of most common:

  1. Incognito or In-Private browser mode: When you use these modes, cookies are deleted upon exit or not saved at all. This is the intended behavior when using these modes. On mobile, we have found some clients are using private mode without even realizing it, so check carefully to see if this could be the case.

  2. Browser Settings: Some browsers have settings that block third-party cookies or all cookies by default. If these settings are enabled, the cookie will not be saved. Each browser has its own settings, so make sure to check for each if you use multiple.

    1. In Google Chrome, go to 3 menu dots > Settings > Privacy and Security > Third-party Cookies. Select "Allow third-party cookies" or "Block third-party cookies in Incognito mode". This page is located here: chrome://settings/cookies

  3. Automatic Cookie Deletion: Some browsers or operating systems may automatically delete cookies after a session ends, even when not in incognito mode.

    1. In Google Chrome, ensure that data can be saved to your computer. Click the 3 dots menu > Settings > Privacy and Security > Site Settings > Additional content settings (click to expand) > On-device site data > select "Allow sites to save data onto your device". This page is located here: chrome://settings/content/siteData

  4. Browser Extensions: Certain privacy-focused browser extensions, such as Ad Blockers or anti-tracking tools, often interfere with cookie storage by blocking or automatically deleting cookies. These are very popular and sometimes run in the background, and you may not know they are running.

  5. Security Software: Antivirus or security software can block or delete cookies as part of their privacy protection features. Check whether your software has any web features, and whether you can add ThinkReservations to a whitelist.

  6. User, Device, or Browser Issues: If you switch devices or use a different browser or operating system, the cookie will not be available, as it is user-, device-, and browser-specific. When you check the box to remember you for 30 days, it applies to that user, on that browser installation, on that particular device.

    1. If cookies are deleted in Google Chrome, they are deleted from other devices signed into and using Google Chrome at the same time. For example, if you delete cookies on Chrome on your mobile phone, they will also be deleted from your laptop or desktop computer.

  7. Browser Update or Reset: Sometimes, after a browser update or reset, stored cookies are cleared or invalidated, causing the "remember me" feature to stop working.

  8. Time/Date Misconfiguration: If the computer is set with an incorrect date or time -or time zone, it can cause issues, preventing the "remember me" functionality from working as intended. It can also cause issues with authenticator apps because the code is valid for only 1 minute, so the time on the device running the authenticator app must match the time on our servers.

  9. Quota Limits for Cookies: Browsers limit the number of cookies or the total storage size per domain. If these limits are exceeded, new cookies will not be saved. This is less likely, as typically it's the older cookies that get deleted, but if not configured that way, it could cause your issue.

  10. Conflicting software on the device: Some users have reported that cookies were not being stored due to the official Bing Wallpaper (a reputable Microsoft app). Although odd, sometimes seemingly unrelated software can cause issues like this.

Troubleshooting and Testing

Make sure you are not using private browsing or incognito mode for these tests!

Test if the cookie will save in the same session (meaning don't close the browser down, just log out and log back in)

  • If it remembers you, the cookie has been successfully saved for that session. This means that cookies are being created, saved, and remembered properly.

  • If it does not remember you, something is blocking the cookie from being stored, such as a setting, extension, or antivirus software.

Test if the cookie will save for the same user, browser, and device. Log out, then fully close the browser, but don't reboot the device. Reopen the browser and attempt to log in.

  • If it remembers you, the cookie is successfully saved for that user, browser, and device.

  • If you are prompted for MFA, it means something is deleting the cookie when you close the browser, such as a browser setting or antivirus software.

Test if you experience this using an alternate browser.

  1. If it remembers you, then you know the issue is related to a setting or extension in the other browser. Check your settings and extensions carefully now that you have narrowed down the problem.

  2. If it doesn't recognize you, it could still be an extension in another browser if you have it installed. Outside of an extension, it could be related to software outside the browser, such as your antivirus software. Something also could be happening if you shut your computer down every day.

Test in Incognito - Finally, you can test in Private browsing or Incognito mode if you change your settings to "Allow 3rd party cookies in incognito". This test helps you rule out whether an extension might be causing a conflict.

We also recommend testing with other devices and browsers to use the process of elimination to see why this problem is occurring for you.

Did this answer your question?