How to use Multifactor Authentication (MFA)
Multifactor authentication (MFA) adds extra layers of security to your Scaleway account. Beyond your password, MFA requires one or more additional verification factors to grant access — meaning your account stays protected even if your password is compromised.
Two MFA methods are available:
- One-time password (TOTP) - a unique, time-based code generated by an authenticator app.
- Passkey - a passwordless authentication method that removes the need to create, manage, or remember passwords.
Before you start
To complete the actions presented below, you must have:
- A Scaleway account logged in to the console
Enable TOTP
To use TOTP on your account, you first need to install an authenticator app on your phone. Once set up, the TOTP app generates a rotating set of time-based codes used to verify your identity at login. Popular TOTP apps include:
- Download and install an app of your choice on your phone.
- Go to your Account Security page.
- Click Set up TOTP in the Multifactor authentication section. A pop-up displays.
- Scan the QR code or enter the code shown into your authenticator app. Your app sets up MFA for your Scaleway account and displays a 6-digit code.
- Enter the 6-digit code into the box and click Submit.
- Download or copy the backup codes displayed, and store them somewhere safe. These are the only way to recover access to your account if you lose your TOTP app.
TOTP MFA is now enabled on your account.
From your next login onwards, you will be prompted to enter a TOTP code from your authenticator app.
Update TOTP
If you no longer have access to the device where TOTP was set up, you can reconfigure it through the Scaleway console.
Before you start
To complete the actions presented below, you must have:
- Owner status or IAM permissions allowing you to perform actions in the intended Organization
- Enabled TOTP on your account
- Go to your Account Security page.
- Click Update TOTP in the Multifactor authentication section. A pop-up displays.
- Scan the QR code or enter the code shown into your authenticator app. Your app sets up TOTP for your Scaleway account and displays a 6-digit code.
- Enter the 6-digit code into the box and click Submit.
- Download or copy the new backup codes and store them somewhere safe.
Delete TOTP
- Go to your Account Security page.
- Click Delete TOTP in the Multifactor authentication section. A pop-up displays.
- Type DELETE in the box to confirm and click Delete TOTP.
TOTP is now disabled on your account.
Enable a passkey
A passkey is a passwordless authentication method based on public-key cryptography, supported by the WebAuthn standard.
When you create a passkey, your authenticator app generates a key pair: the private key stays on your device, while the public key is sent to Scaleway. At login, Scaleway issues a challenge that your device signs with the private key — Scaleway then verifies it using the public key.
Before you start
To complete the actions presented below, you must have:
- Owner status
- Set up a password manager on your device
- Go to your Account Security page.
- Click + Add passkey in the Multifactor authentication section. A pop-up displays.
- Enter the passkey name you configured in your password manager.
- Click Start. Your password manager will be prompted and a pop-up may appear in your browser.
- Follow your password manager's instructions to complete the setup. A confirmation message displays once the passkey is successfully added.
- Click Close.
Your passkeys are now listed in the Multifactor authentication section.
Delete a passkey
- Go to your Account Security page.
- Click delete icon next to the passkey you want to delete in the Multifactor authentication section. A pop-up displays.
- Type DELETE in the box to confirm and click Delete passkey.
The passkey is removed from your Scaleway account.
Troubleshoot TOTP login issues
If you have problems logging in to the console with TOTP, refer to the dedicated troubleshooting page.