Multi-Factor Authentication FAQ

Customer trust is our highest priority at Eiger.

The global threat landscape is constantly evolving, and the types of attacks that can cause significant issues to a business are on the rise. It’s more important than ever to implement stronger security measures and Eiger is addressing this with the launch of Multi-Factor Authentication (“MFA”).

Effective Monday 20th March 2023, Multi-Factor Authentication will be available to all Eiger users when accessing the Eiger Trading Platform (“ETP”). MFA is one of the easiest, most effective tools for enhancing login security, and safeguarding your business and data against security threats.

Table of Contents

What is MFA and how does it work?

MFA is an effective way to increase protection for user accounts against common threats like phishing attacks, compromised passwords, and account takeovers.

It adds another layer of security to your login process by requiring a user to enter two or more pieces of evidence to prove they’re who they say they are. One piece of evidence is something the user knows, such as their username and password combination. Other evidence can be verification methods that the user has in their possession, such as an authenticator app or one-time password.

A familiar example of MFA at work is two factors needed to withdraw money from an ATM. The ATM card is something that you have and your PIN is something you know.

By tying user access to multiple, different types of authentication factors, it’s much harder for unauthorised access to your ETP user account. For example, even if a user’s password is stolen, the odds are very low that an attacker will also be able to guess or hack a code from the user’s authentication app.

Is Eiger requiring customers to enable MFA?

Effective 20th March 2023, Eiger customers MFA will be available to use for access to the Eiger Trading Platform. 

Each user will have the option to enable MFA from this date when attempting to login to the ETP and each user will be encouraged to ‘opt-in’ permanently to the service.  Once MFA is enabled, a user cannot disable the service.

On a date that has yet to be confirmed, ETP users will be required to use MFA to access the ETP. All users who log in to the ETP through the user interface must use MFA for every login.

There is no additional cost for MFA functionality.

Why is Eiger launching MFA?

There’s nothing more important than the trust of our customers. We understand that the confidentiality, integrity, and availability of each customer’s data is vital to their business, and we take the protection of that data very seriously. As the global threat landscape evolves, it’s important to understand that attacks are on the rise that can cripple business and exploit consumers. As businesses transition to remote work environments, it’s more important than ever to implement stronger security measures.

A key part of our security strategy is safeguarding access to Eiger user accounts. On their own, usernames and passwords no longer provide sufficient protection against cyberattacks. That’s where MFA comes in. It’s one of the simplest, most effective ways to prevent unauthorised account access and safeguard your data. We are asking customers to implement MFA to help mitigate the risks stemming from threats like phishing attacks, credential stuffing, and compromised devices.

Now that the MFA requirement is available, what is the impact on users?

MFA will be available for ETP users from the 13th March 2023 although this will be an optional feature when logging into the Eiger Trading Platform. ETP users will be offered the ability to enable MFA from this date but can choose to avoid using MFA until Eiger makes this mandatory.

At a date in the future, Eiger will take action to automatically enable and enforce MFA for all users of the Eiger Trading Platform. Eiger Administrators will provide regular updates to all users via email in due course.

How does MFA work?

Multi-factor authentication (MFA) is a security method for your account that helps verify that you are the person who is logging into your account.

  1. You log into your user profile with your username and password,
  2. You will then get the notification via the method you chose during set up (a text, email, or Google Authenticator app verification) to verify it is you logging into your account.

What mechanisms can I use for authentication

Authentication MethodDescriptionAuthentication Timeframe
Text messageA text message is sent to a your mobile phone with a 6-digit code. Enter this code to complete the verification process.Indefinite for the device that is chosen to be ‘trusted’.
EmailAn email is sent to the email address attached to your user profile with a 6-digit code. Enter this code to complete the verification process.

6 months. After this time, the ETP user will need to re-authenticate their device.

Verification code with Google Authenticator appThe mobile app Google Authenticator generates a verification code. This occurs if you selected a verification code as your primary verification method.(Requires download of Google Authenticator App on your phone)Indefinite for the device that is chosen to be ‘trusted’.

How can I download the Google Authenticator app on my phone?

Scan the following QR code to download the Google Authenticator app for Google smart phones:

Scan the following QR code to download the Google Authenticator app for Apple smart phones:

Do I have to use MFA every time I log in?

Once an ETP user registers to use MFA, and authenticates the device, the device will be registered as trusted, and any subsequent logins (for the Authentication Timeframe) from that device will only require the username and password.

If the authentication period expires, the ETP user will be asked to authenticate their device again for a new Authentication Timeframe.

What is an authentication code?

Eigers Multi-Factor Authentication relies on time-based one-time passwords (TOTP).

These one-time numeric passwords are delivered by text, and email as well as through the authenticator app Google Authenticator, using the TOTP standard. 

Will MFA be required for both the Eiger Trading Platform and UAT?

Yes. Once registered, MFA will be enabled and the ETP user will be required to authenticate themselves when logging in the first time and after each authentication timeframe has expired.

Is MFA required for integration users?

The MFA requirement doesn’t apply to system integration login types via the API.

MFA is required if admins or anyone else who logs into ETP directly via the web-based login page for an integrated account – even if it’s only view trades or perform audit checks. 

Is it possible to exclude particular users from the MFA requirement?

No, the MFA requirement will apply to all ETP users when logging in via the web-based portal.

If you have any further questions or require any additional information, please contact Eiger through the following details:

Phone:+44 (0) 203 216 2500

Email: islamicproductgroup@eigertrading.com 

Contact us