Cloud Anesthesia

Multi-Factor Authentication (MFA) Setup

Audience: any Cloud Anesthesia user. Strongly recommended for admins and superadmins. Time: ~3 minutes.

MFA adds a second factor to your sign-in: in addition to your password, you'll enter a 6-digit code from an authenticator app on your phone. Even if your password is compromised, it is not enough on its own to sign in to your account.

Cloud Anesthesia uses standard Time-based One-Time Password (TOTP) MFA, compatible with any authenticator app:

Before you start

You'll need:

Step 1: Open MFA settings

Sign in to Cloud Anesthesia and navigate to Account → MFA, or visit /account/mfa directly.

You'll see your current MFA status. If MFA is off, you'll see a "Set up MFA" card with a Begin setup button.

Step 2: Begin setup

Click Begin setup. Cloud Anesthesia generates a unique secret for your account and ten one-time recovery codes.

The page now shows:

Step 3: Add the account to your authenticator app

On a phone: tap the otpauth:// link. Your default authenticator app will open and offer to add the account.

On a desktop, or if the link doesn't work: open your authenticator app, choose "Add account" → "Enter setup key manually" (wording varies by app), and paste the secret. Most apps will let you label the account "Cloud Anesthesia."

After adding, your authenticator app will display a 6-digit code that refreshes every 30 seconds.

Step 4: Save your recovery codes

Before clicking Continue: copy the ten recovery codes somewhere safe. These are your only way to sign in on your own if you lose access to your authenticator app.

Good places to store them:

Each code works one time. After you use one, it's invalidated.

If you ever run low (say you've used 8 of 10), disable MFA and re-enroll to generate a fresh batch.

Step 5: Verify and enable

Enter the current 6-digit code from your authenticator app into the "Verify and enable" field. Click Verify & enable.

If the code is valid, MFA is now active. From this point forward, signing in requires both your password and a fresh 6-digit code.

What it looks like going forward

When you sign in:

  1. Enter your email and password as before.
  2. Cloud Anesthesia recognizes you have MFA enabled and shows a second screen: "Enter the code from your authenticator app, or one of your recovery codes."
  3. Open your authenticator app, copy the current 6-digit code, and paste it in. (Or use a recovery code if you don't have access to your phone.)
  4. You're in.

Using a recovery code

If you don't have your phone, type any unused recovery code instead of a 6-digit code. Cloud Anesthesia accepts the format with or without dashes (12AB-34CD-56EF and 12AB34CD56EF both work).

The code is marked used after one successful sign-in. Cross it off your list so you don't try to reuse it.

Disabling MFA

From /account/mfa, scroll to the "Disable MFA" section. You'll need:

After confirming, MFA is removed and your unused recovery codes are deleted. You can re-enroll any time.

If you lose access to BOTH your authenticator and your recovery codes

This is what the superadmin escape hatch is for. Email support@cloud-anesthesia.com from the email address on your account. A superadmin can reset your MFA enrollment, which:

After the reset, you can sign in with just your password and re-enroll MFA from scratch.

FAQ

Q: Will MFA work if my phone is offline? A: Yes. TOTP doesn't require an internet connection — the code is generated from the secret + the current time.

Q: What if my phone clock is wrong? A: Cloud Anesthesia tolerates ±30 seconds of clock skew. If your phone is wildly out of sync, codes will be rejected; fix your phone's time settings (use "Set automatically").

Q: Can I use multiple authenticator apps with the same account? A: Yes, by adding the same secret to each. Useful for backup (e.g., main authenticator on phone, backup on a tablet).

Q: Does Cloud Anesthesia send me text messages or push notifications for MFA? A: No. We use TOTP only — codes are generated locally by your authenticator app. We don't have your phone number for MFA purposes.
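
How a server can check a 6-digit, 30-second code with the ±30-second tolerance described in the clock-skew answer above, as an added example (not Cloud Anesthesia's own code). It follows RFC 6238 with HMAC-SHA-1, which is an assumption because this page does not name the hash; `verify`, `last_used_step` and the sample secret (the published RFC 6238 test key) are illustrative names and values.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for, as stated on this page
DIGITS = 6   # code length, as stated on this page

# Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32.
# Never use a published key for a real account.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the RFC 6238 code for the 30-second step containing unix_time."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))   # restore stripped padding
    counter = struct.pack(">Q", unix_time // STEP)     # 8-byte big-endian step
    mac = hmac.new(key, counter, hashlib.sha1).digest()  # SHA-1 is an assumption
    offset = mac[-1] & 0x0F                            # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32, submitted, server_time, last_used_step=None, window=1):
    """Return the time step the code matched, or None if it is rejected.

    window=1 accepts the previous, current and next step, i.e. +/-30 s of skew.
    last_used_step is a hypothetical per-account value: storing the step of the
    last accepted code stops that same code from being replayed.
    """
    current = server_time // STEP
    for step in range(current - window, current + window + 1):
        if last_used_step is not None and step <= last_used_step:
            continue                                   # already consumed
        expected = totp(secret_b32, step * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step
    return None
```

On success the caller would store the returned step as the account's `last_used_step`, so a code that has been accepted once cannot be submitted again during the tolerance window.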