Account hardening
TOTP authenticator apps and backup codes protect high-privilege chauffeur platform accounts.
Administrators enforce MFA org-wide; partners enable it for finance and dispatch leads.
Guests optionally protect accounts holding saved payment methods and passenger profiles.
Backup codes regenerate one-time recovery sets when travelers replace phones.
Users scan QR codes into Google Authenticator, Authy, or compatible apps.
A challenge code confirms the secret before MFA is marked active.
Backup codes unlock access if devices are lost; admins can reset with audit.
Stolen passwords alone cannot access dispatch or payout screens.
MFA satisfies common enterprise security questionnaire requirements.
Tenants stage rollout — optional for guests, mandatory for admins.
Secrets encrypt at rest; lockout policies throttle brute-force OTP attempts.
Admin resets require super-admin approval and generate audit events.
MFA integrates with JWT session issuance — step-up challenges appear after password or OAuth success.
Security settings panel in customer and partner portals manages enrollment.
Global admins enforce MFA before accessing payout approvals.
Controllers protect settlement exports behind authenticator challenges.
High-net-worth travelers opt in to guard saved Amex profiles.
