Privy enables users to set up multi-factor authentication (MFA) for embedded wallets on both EVM networks and Solana. MFA helps secure the embedded wallet by requiring additional verification of a user’s identity when the wallet is used. images/MFA.png Once a user enrolls in wallet MFA, any action that requires use of the embedded wallet’s private key will require the user to complete MFA verification. This includes signing messages, sending transactions, exporting the embedded wallet, and recovering the embedded wallet for use on new devices. Privy currently supports three methods of wallet MFA:
  • SMS, where users verify with a 6-digit MFA code sent to their phone number
  • Time-based one-time password (TOTP), where users verify with a 6-digit MFA code from an authentication app, like Authy or Google Authenticator
  • Passkeys, where users verify with a previously registered passkey, generally through biometric authentication on their device
If a user has multiple embedded wallets (e.g. on EVM and Solana, or multiple HD addresses), enrolling in MFA will require MFA for signatures and transactions from any of their embedded wallets.