Multi-factor Authentication is coming to BrightCourse!  To help keep your data secure, we will now require verification that the person logging in has access to the phone number or an email associated with their login. To put it simply, when you login for the first time in awhile or you login from a new device, we will send you an SMS link or an email that must be clicked before the login can be completed successfully.

1. Why is BrightCourse adding Multi-Factor Authentication (MFA)? We are introducing MFA to give your account an extra layer of security. This helps keep your personal information and client data safe. With MFA, even if someone manages to get your password, they won’t be able to access your account without that second form of verification. It’s all about giving you peace of mind.

2. How does MFA work? It’s simple! When you log in, you’ll enter your usual username and password. If you've already validated your MFA in the last 30 days, we won’t even ask for it again (as long as you are on the same IP Address) —easy and secure! If your validation is older than 30 days or you are logging in on a new IP address, we’ll then send you a quick SMS or email link. Once clicked, you can login again for another 30 days.

3. When will I need to use MFA? You’ll only be asked for MFA if it’s been more than 30 days since your last validation or if you’re logging in from a different IP address. It’s a smooth process designed to give you maximum protection with minimal hassle.

4. Does every BrightCourse user need their own phone number? The short answer is, yes, each person with an account on BrightCourse will need their own phone number that can receive texts or email address. Because this is only used for sending these security links, personal cell phones can be used. We do not recommend adding a "shared" phone number as it defeats the purpose of the security and will become very difficult to manage if the phone is not available. An email address will be a great alternative.

5. Does every BrightCourse user need their own account? Again, yes. Shared logins for BrightCourse is problematic for many reasons such as tracking statistics and progress, attributing notes, or sending notifications to the right person. There is no charge for additional logins, so please add a unique "user login" for each staff/advocate using BrightCourse.

6. Can I turn off MFA? While MFA can be disabled in your organization's preferences, we highly recommend keeping it on for your security. It’s a quick and effective way to protect your account and ensure client data stays safe.

7. Is MFA really necessary? Yes! We take the safety of your data seriously, and MFA is one of the best ways to prevent unauthorized access. It’s a small step that makes a huge difference in protecting your information and ensuring everything runs smoothly for your organization.

We’re excited about this upgrade, and we think you’ll love the extra confidence it brings!