What is Multi-Factor Authentication (MFA) and why do I need it?
Multi-Factor Authentication (MFA) is an additional layer of security that requires you to verify your identity using two or more methods before accessing your account. It ensures that even if someone knows your password, they cannot access your account unless they also pass this additional layer of authentication.
Unlike passwords that can be used over and over again, MFA codes are for one-time use and a unique one is sent each time you attempt to log in to your account.
Note: MFA is not available for the other Withings apps (Thermo, WithBaby, Withings Home Security Camera, WiScale). You will have to disable MFA in order to access your account from those apps.
Why is MFA important for me?
Your health information is sensitive, and we want to ensure it's as secure as possible. MFA provides an extra layer of protection, making it much harder for unauthorized individuals to access your data, even if they somehow get hold of your primary password.
My password is already secure and unique. Why do I need to add MFA?
It may be an extra step when logging in, but it's the extra mile for securing your account - especially when it comes to protecting confidential health data. Without MFA, if someone was able to obtain your password or access your inbox, they may also be able to gain access to your information. With MFA, this becomes much harder as only you have both your phone and your password, the two factors required to log in.
What methods of MFA are available to secure my account?
We offer several methods: Authentication App, WhatsApp One-Time-Password (OTP), SMS OTP, and Phone Call OTP.
How does Authentication App work?
- Basic Principle:
  - When setting this up, you'll scan a QR code with an authentication app (like Google Authenticator, Authy, or any password manager) which seeds it with a unique 6-digit code. This code, combined with the current time, is used to generate time-based one-time passwords (TOTPs) that change every 30 seconds or so.
- How It Works:
  - The user downloads and installs an authentication app on their smartphone or tablet.
  - During setup of the MFA, the user scans a QR code and enters the TOTP provided by the authentication app.
  - When logging in, the user is prompted to enter the code displayed in the authentication app.
How do WhatsApp, SMS or Phone Call OTP work?
- Basic Principle:
  - The system sends a one-time password (OTP) via WhatsApp message, SMS or Phone Call to the user's registered phone number.
  - The OTP will first be sent via WhatsApp, but another method can be selected to receive the OTP.
- How It Works:
  - The user initiates a login.
  - An OTP is sent via a WhatsApp message, an SMS or a Phone Call.
  - The user enters this OTP into the Withings application.
  - The server verifies the OTP, and if correct, grants access.
What is the difference between WhatsApp OTP, SMS OTP, and Phone Call OTP?
All three methods – WhatsApp OTP, SMS OTP, and Phone Call OTP – are based on your phone number. Only the communication platform itself will vary, but each one uses your phone number to establish the initial connection.
While WhatsApp is available worldwide, Phone Call and SMS are only available in certain countries.
In which countries are phone and SMS verification available?
Phone and SMS verification are only available in certain regions throughout the world. If you are a Withings User outside the following countries, WhatsApp is still available to be used as a multi-factor authentication method.
- Australia
- Belgium
- Brunei
- China
- Czech Republic
- France
- Germany
- Italy
- Liechtenstein
- Lithuania
- Poland
- Singapore
- Spain
- Switzerland
- Thailand
- United Kingdom (UK)
- United States of America (USA)
Is WhatsApp OTP secure?
Absolutely! WhatsApp uses end-to-end encryption, which means only you and the sender can read the message contents. No third party, not even WhatsApp, can read the messages. It is even safer than SMS and this is the reason why we will try to reach you using WhatsApp first.
Why are SMS OTP and Phone Call OTP linked together?
When you enable one, we activate the two to give you varied and convenient options. This ensures you can always receive a code, regardless of app availability or network conditions. You can disable them individually in the Withings App but we strongly recommend you keep the provided preset.
What happens if I lose access to my phone?
You must use the recovery code that was provided when you enabled MFA. The recovery code will allow you to log in securely, and you will be asked to configure your MFA again. You can also access the code at a later time from within the Withings App: Profile > Settings > Account & Security > Multi-Factor Authentication > Account Recovery and tap Recovery Code.
What is a recovery method, and why do I need it?
A recovery method helps you regain access to your account if you ever lose access to your primary MFA method. Think of it as a backup plan. It's essential to set up a recovery method and keep its details safe and confidential. This way, you can always access your account, even if your primary device or method is unavailable.
Why do I need to keep my recovery method safe?
Your recovery method is like a backup key to your digital house. If someone gets hold of it, they might potentially gain access to your account. That's why it's vital to keep it secure and confidential.
Can I remove my MFA once it has been enabled?
Yes. You can remove MFA from your account settings (Withings App > Profile > Settings > Multi-factor authentication) but we strongly recommend keeping your account secured with MFA at all times. Note that for security purposes you can only delete MFA if you are securely logged in using MFA.
Can I update my MFA once it has been enabled?
Yes. You can update your MFA in your account settings. Note that for security purposes you can only update MFA if you are securely logged in using MFA.
If I choose phone call verification, where do the calls originate from?
The phone numbers used for MFA verification originate from the US so please be aware that for those outside the US, surcharges may apply depending on your phone plan. Consult with your carrier for more details.
Will my phone number be used for marketing purposes or anything other than my MFA?
No. Withings will only use your phone number as part of the MFA feature. For more information, please see our Privacy Policy.
What if I face issues with my MFA methods or want more information?
If you ever encounter problems or have concerns about MFA, please contact our support team. We're here to help and guide you through any challenges you might face.
We hope this FAQ helps you understand the importance and benefits of MFA for your account's security. Our primary goal is to safeguard your data while making your user experience seamless and secure. If you have any more questions, please don't hesitate to reach out to Customer Service by clicking the Contact us button at the bottom of the page.