My Account

Multi-Factor Authentication

Multi-Factor Authentication (MFA) adds an extra layer of security to your Plum account by requiring a time-sensitive, six-character code in addition to your password when signing in.

This article explains how to enable, use, and manage MFA in Plum, and what to do if you experience setup issues.

 

What is Multi-Factor Authentication (MFA)?

MFA helps protect your account by requiring verification from a secondary device (such as your mobile phone) whenever you log in.

Once enabled, you’ll enter a six-character code from your authenticator app each time you sign in to Plum.

Plum supports any standard authenticator app, such as Google Authenticator, Apple Passwords, Microsoft Authenticator, Authy, 1Password, etc.

 

How to enable MFA

  1. You can turn MFA on or off at any time from your Account Settings.
  2. Navigate to your menu and select the  Account > Settings page.
  3. Click the pencil icon beside Multi-Factor Authentication.


     
  4. A setup flow will appear. You can complete setup in one of two ways:
    • Scan the QR code: Open your phone’s camera and tap the link that appears when hovering over the QR code. Or, open your authenticator app and scan the QR code directly from within the app. On some devices, you may be able to just tap-and-hold the QR code instead of using your camera to scan it.
    • Click the setup link (mobile only): If you’re already using Plum on your phone, click the manual setup link to open your authenticator app directly. This link will not work on desktop computers or laptops; it’s designed to open authenticator apps on mobile devices.


       
  5. After scanning or clicking, your authenticator app will display a six-character code.
  6. Enter this code into Plum to confirm setup.
  7. Once complete, MFA will be enabled for your account. You’ll see a confirmation message and can disable MFA at any time by returning to your Account Settings and going through the Delete flow.

You must have access to an authenticator app in order use Plum's MFA feature.

 

How to sign in using MFA

After you’ve enabled MFA:

  1. Navigate to https://secure.plum.io/.
  2. Enter your email address and password as usual.
  3. When prompted, open your authenticator app and enter the six-character code displayed there. Remember that this code will be time-sensitive.
  4. You’ll then be signed in to your account.

If MFA is not enabled, you’ll continue to sign in using only your email and password.

 

How to remove MFA

You can disable MFA at any time:

  1. Navigate to your menu and select the Account > Settings page.
  2. Click the trash bin icon underneath Multi-Factor Authentication.
  3. Confirm the deletion when prompted.


     

Once deleted, you’ll no longer be asked to enter a code when signing in.

 

Having Trouble?

If you’re having issues setting up or using MFA, here are some quick tips:

 

You don’t have an authenticator app

  • You’ll need an authenticator app to complete MFA setup.
  • Recommended options:
    • Android: Install Google Authenticator or Microsoft Authenticator from the Play Store.
    • iPhone: You can use the built-in Passwords app (part of iOS) — no separate download required.
    • Other Operating Systems: check your app store for a trusted authenticator app like Microsoft Authenticator or Google Authenticator.
  • Once installed, return to Plum and either re-click the link or rescan the QR code to complete setup.

 

The QR code won’t scan

  • Make sure your phone’s camera lens is clean and the QR code is fully visible on your screen.
  • If your phone’s camera isn’t scanning automatically, open your authenticator app directly and look for an option such as Add account → Scan QR code.
  • Alternatively, try signing in to Plum on your mobile device and then clicking the "set up manually" link instead of scanning the QR code.

 

The link doesn’t open anything

  • The manual setup link only works on mobile devices. If you’re on a computer or laptop, use your phone’s camera to scan the QR code instead.
  • If you click the link on your phone and nothing happens, it usually means you don’t yet have an authenticator app installed.

 

The code doesn’t work

  • Double-check that you’ve entered the six-character code correctly.
  • MFA codes refresh every 30 seconds. If the code expires before submission, wait for a new one to appear and try again.
  • If you’re using multiple devices, make sure the time settings on your phone are correct (automatic date/time should be turned on).

MFA is not available for users who sign in to Plum through their organization’s Single Sign-On (SSO).

Related to

Was this article helpful?

Have more questions? Submit a request