User type: Both Personal and Organization users
The Security tab in the My OPSWAT Portal allows you to manage your account's security settings, including updating your password, setting up Multi-Factor Authentication (MFA), and configuring a PIN for sensitive actions.
To access this feature, go to your username in the top right corner and navigate to My Information > Security.
Password
Keep your account secure by updating your password regularly. As part of our security policy, passwords must be changed every 180 days.
Password Expiration Notifications
You will receive a notification 7 days before expiration in the following locations:
- Overview page
- My Information > Security page
Once your password expires, you will be unable to perform any actions until you update it. To change your password, navigate to My Information > Security and follow the prompts.
Multi-Factor Authentication
Enhance your account security by enabling Multi-Factor Authentication (MFA). MFA adds an extra layer of protection by requiring a second verification step, such as a one-time code sent to your email or mobile device.
Set Up MFA
- Navigate to My Information > Security tab.
- Under the Multi-Factor Authentication section, click the Setup MFA button.
- Follow the on-screen instructions to configure MFA using an authentication app (e.g., Google Authenticator, Microsoft Authenticator).
- Securely store the recovery code provided during the setup process.
When MFA is enabled and set up, user must input correct TOTP when signing in My OPSWAT Portal.
Disable MFA
- Go to My Information > Security.
- Under the Multi-Factor Authentication section, select the option to disable MFA.
- A confirmation email will be sent to your registered email address. Open the email and follow the instructions to confirm and complete the MFA disable process.
If you click the Disable MFA button multiple times, you will receive multiple emails accordingly; however, only the link included in the most recent email will be valid for disabling MFA.
Email confirmation is always required to disable MFA, including if you have logged in using a recovery code. Disabling MFA will not be completed until you confirm the action via the email link.
Organization-Level MFA Settings
If your account belongs to an organization with MFA requirements:
- You must set up MFA when prompted during sign-in if one of your organizations enables the requirement.
- If the organization later disables the MFA requirement, you will still have MFA enabled. You can disable it manually from My Information > Security if desired.
Disabling MFA at the organization level does not automatically turn off MFA for individual users.
Users must store their MFA recovery code securely. Failure to do so may result in being locked out of their account if the authentication app is lost.
PIN Setup
The Security tab also allows users to set up a PIN: Click the Setup PIN button to confirm changes to sensitive functions. This adds an additional layer of security in-product.
