What is MFA?
Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) is an essential security feature that adds an extra layer of protection to your Built account. It helps prevent unauthorized access and fraud by requiring users to verify their identity through a secondary method beyond just a password. Built has adopted a "most-protective" approach to security in compliance with state regulations and to better safeguard user information and payment transactions.
Video Walkthrough of Setting Up MFA
Step-by-Step Guide to Setting Up MFA
This section provides clear, step-by-step instructions to help you enable MFA on your Built account. You can choose to authenticate using SMS text messages or a third-party authenticator app.
Navigate to id.getbuilt.com and log into your Built account
You will be prompted with a new screen to enable two-factor authentication (2FA)
Choose your preferred authentication method from the options listed below. Note: We recommend an authenticator app for anyone working in areas with limited mobile reception.
SMS Text Message : Enter your mobile phone number to receive a verification code. If you don’t see a code, double check the phone number you entered and make sure to check your Spam folder.
Authenticator App : Open your preferred authenticator app and scan the QR code displayed on the screen.
Once you have successfully confirmed MFA is enabled for your account click “Continue” to access your Built Account.
Note:
The next time you log into your account, you will be required to enter a verification code from your chosen method.
For more information on the importance and benefits of MFA, you can visit More than a Password by CISA.
Editing the MFA Method after Setup
Once MFA is set up, you can change your MFA method. Follow the instructions below to change the phone number that receives your MFA codes, or toggle between SMS and an Authenticator App, as preferred:
Log in to Built at id.getbuilt.com
Locate your account in your navigation bar and click the dropdown arrow
Select My Account from the menu
Locate the Multi-Factor Authentication (MFA) Section and click the three dots menu
Select Edit
A window will open, prompting you to choose your preferred MFA method
Choose Your Method
SMS: Receive a verification code via text message
Authenticator App: Use an app like Google Authenticator to receive a verification code
Follow the steps to complete verification of your chosen method
Once verified, you’ll see the method chosen as Enabled
Note:
MFA cannot be disabled, as this is a security requirement enforced for all accounts.
Feature Overview: ‘Remember this Device’
MFA will be required upon every login. However, if you are using the same device, enable the "Remember this device?” option when logging in through your MFA method. With device memory enabled, you will only need to use MFA to log in every 90 days. Note: if you switch devices, you will need to re-enable MFA on your new device.
Troubleshooting Note:
Some users may see repeated MFA prompts despite selecting “remember my device” due to internal security settings. Policies that clear browser data, use virtual desktops, or enforce frequent reauthentication can prevent Built from saving the local browser token required for this feature. We recommend contacting your internal IT team to see whether trusted devices can be remembered while still meeting security requirements.
FAQ
What is Multi-Factor Authentication (MFA)?
Multi-Factor Authentication (MFA) is a security feature that adds an extra layer of protection to your Built account by requiring users to verify their identity through a secondary method beyond their first set of account credentials (email address and password).
Is MFA required for every user?
Yes, MFA is enforced for every user on both the Built Inspect App and Built Desktop upon each login session.
What methods can I use for MFA?
You can authenticate using SMS text messages or a third-party authenticator app, such as Google Authenticator or Microsoft Authenticator.
Do I need to set up MFA again if I change my phone number or device?
Yes, you may need to re-enable MFA in the following circumstances:
If you have selected SMS as your authentication method and have changed your phone number.
If you have selected the Authenticator app as your method and have not synced the application and its data to your new device.
Contact Built Support for assistance in resetting your MFA.
Can I log in with MFA if I don’t have cellular service?
No, if you have selected SMS as your authenticator method, you will need cellular service to receive a text message. It is recommended to use an Authenticator App for users in areas with limited service. (ie, for use with the Built Inspect App)
Can I use both SMS and Authenticator App methods for MFA?
No, currently you must choose one method for MFA, but you can change your method at any time. See how to edit your MFA method after setup above.
What if multiple people use the same email address to log in to Built?
Shared credentials are not recommended for security reasons, but if necessary, it is advised to set up MFA using the Authenticator App method only.
Can I receive an MFA code through my email?
No, the available MFA methods are SMS and Authenticator Apps only, as your email address is included in the primary authentication stage.
Do I need a QR code every time I login through MFA using an Authenticator App?
No, the QR code that displays is only for setting up MFA through the Authenticator App. Once MFA is enabled, users login through the code displayed within the Authenticator App.
How long are MFA codes valid before they expire?
Authenticator app codes (e.g., Google Authenticator, Authy): These typically expire every 30 seconds, which is standard for time-based one-time passwords (TOTP).
SMS codes: These are valid for up to 3 minutes after they are sent.