Multi-Factor Authentication (MFA)
Multi-factor Authentication (MFA) keeps your Ubiquiti account safe. We offer authentication through apps and email, as well as backup recovery codes.
As of July 22, 2024, all users must enable MFA on their UI Account. After this date, all accounts without a different method enabled will have Email Authentication automatically enabled, with the account’s primary email receiving sign-in verification prompts.
Why Require MFA?
MFA adds an extra layer of protection beyond passwords in order to prevent unauthorized access to your account and ultimately safeguard your network, video recordings and other sensitive operations and data. Ubiquiti cares about your security, and we require you to use MFA to protect your setup.
Setting Up MFA
- Sign in to your UniFi account.
- Go to your Security section.
- Add a new MFA method.
We recommend the UI Verify app (iOS / Android) for seamless single-click authentication to your mobile device. Alternatively, you can use email authentication or a third-party mobile authentication service (such as Google or Microsoft Authenticator, Authy, etc).
Accessing a Locked Out Account
To preserve your account's security, we cannot reset your multi-factor authentication. If you have lost access to all authentication methods, you will need to create a new account. This is why we recommend multiple methods, especially if you are using UI Verify and/or other app-based authenticators, which are associated with a single mobile device.
FAQs
- Is MFA required for everyone logging into a UniFi device?
- Yes, with the exception of logging into a device locally with local credentials.
- Can email authentication use the same email as my account?
- Yes.
- Is it required for UniFi Identity Enterprise?
- No; in Identity Enterprise, MFA policies are set separately, on a per-workspace basis.