Skip to content Skip to footer
Splitifi Logo
SIGN UP
MFA Policy

Multi-Factor Authentication for Account Protection

This policy details how Splitifi implements Multi-Factor Authentication (MFA) to provide an added layer of account security. We believe that sensitive legal and financial data demands the strongest safeguards, and MFA ensures that access is always controlled, verified, and secure.

Effective Date: January 8, 2025
Version: v1.4

This MFA (Multi-Factor Authentication) Policy outlines the requirements and standards Splitifi applies to protect user accounts through layered authentication methods.

1. MFA Requirement

All Splitifi user accounts—litigants, attorneys, and judges—are required to enable MFA to gain full access to the platform. MFA is enforced during initial account registration and at any login from a new device.

2. Supported Authentication Methods

  • Time-based One-Time Passwords (TOTP) using apps like Google Authenticator or Authy
  • SMS-based codes sent to verified mobile numbers (optional fallback)
  • Biometric authentication (Face ID or fingerprint, where supported by device)

3. Device Registration

Users may register trusted devices for easier access. Device trust is monitored, and devices may be deauthorized automatically after extended inactivity or suspicious behavior.

4. Session Management

Sessions expire after 30 minutes of inactivity. MFA is required upon re-login, ensuring that unauthorized parties cannot regain access through lingering sessions.

5. Account Recovery

If a user loses access to their MFA device, identity verification is required via secure channels to reset credentials. Splitifi may request additional documentation to complete this process.

6. Administrative Enforcement

Admins and support personnel must use MFA at all times when accessing user-related backend data or diagnostic systems. Role-based access is strictly enforced through authentication tiers.

7. Security Monitoring

Login attempts are logged, and alerts are triggered for:

  • Login from new geographic locations
  • Repeated failed MFA attempts
  • Access from unrecognized browsers or IP ranges

8. Continuous Improvement

Splitifi regularly evaluates MFA protocols in response to emerging threats and user feedback. All updates will be reflected in this policy and communicated to users accordingly.

For support or questions about MFA, contact security@splitifi.io.

Please fill the required fields*