An added layer of security for all MaxMind accounts

At MaxMind, we take cyber security seriously – both the security of our customers, and the security of the general public. For that reason, we will begin to require two-factor authentication (2FA) for all MaxMind accounts and users. By default, all customers will use email 2FA. We will begin rolling out required 2FA to accounts beginning in May, 2023.

Currently, MaxMind allows users to enable 2FA on their accounts using any FIDO2 compliant security key. When this standard was first introduced, there were limited options, mostly confined to physical security keys (like Yubikeys). Over the years, more and more devices have begun to work with the standard so that today many common devices that use biometric input (such as a user’s fingerprint) can be used, including most smartphones and many laptops. Learn more about 2FA using security keys on our Knowledge Base.

MaxMind will continue to allow customers to use FIDO2 compatible devices for 2FA, but accounts that are not using a FIDO2 security key will be required to use email 2FA.

How will email 2FA work?

When the 2FA requirement is enabled for your account, any users who do not already have 2FA enabled with a security key will use email 2FA.

When you go to login to your account, you will enter your username and password as usual. After you enter your username and password, we will email you a one-time passcode. You will enter this passcode, and then you’ll be logged in to your account.

How should I prepare for email 2FA?

Make sure that all users on your account have an up-to-date email address where they can receive their one-time security codes:

Alternatively, if you prefer to use security key authentication, you should enable this for all of your users:

When will 2FA be required?

We are taking a phased approach to this requirement and will begin requiring 2FA for some accounts in early May. We will email accounts informing them of the change as we enable it.