Q: What is MFA, and why is it important?
A: Multi-Factor Authentication (MFA) adds a second identity check at login — usually a password plus a one-time code from an app or email.
Even if a password is stolen, that second factor stops unauthorized access before it starts.
It’s one of the simplest, most effective ways to protect sensitive data, and it’s now a global best practice across aviation, finance, and education tech.
Q: Has a flight school ever been hacked in a way MFA could help prevent?
A: Yes. In one instance, a former employee reportedly accessed a FlightCircle account, deleted safety alerts, and cleared aircraft with known issues, putting pilots at risk. [ARTICLE] MFA would have blocked that unauthorized access before it happened. Access control matters just as much as encryption.
Q: Who should enable MFA?
A: Every user with a Flight Schedule Pro login — staff, instructors, and students — should enable MFA on their own account.
This isn’t something schools can “flip on” system-wide; each user secures their own login.
For schools using our Student Financing integrations, MFA will be mandatory for all users.
If any user hasn’t enabled MFA once the requirement is active, they won’t be able to log in until it’s set up.
Q: Why is FSP requiring MFA for some schools?
A: Schools using Student Financing integrations handle the most sensitive data — student personal details, financial records, and lender data.
Those accounts must meet higher security standards set by our financing partners and data compliance requirements.
Requiring MFA protects everyone: the school, its students, and its partners. It prevents unauthorized access that could lead to safety risks, financial exposure, or loss of trust.
Q: If I’m using Student Financing integrations, why does every user have to turn it on? Why not just admins or staff?
A: Every user login is a potential access point.
Even one unprotected student account can open the door to the larger system.
MFA only works when it’s universal — like locking every hangar door, not just the main office.
This also keeps schools compliant with partner security standards and ensures full protection across all accounts.
Q: Does MFA replace passwords or change them?
A: No. MFA adds a second checkpoint after the normal username + password login.
Passwords work the same way; this just adds another layer of protection.
Q: What second factors are supported?
A: Flight Schedule Pro supports three secure MFA options:
Authenticator App: Codes generated by apps like Google Authenticator, Authy, or Microsoft Authenticator.
Email Verification: One-time code sent to the user’s registered email address.
Backup Codes: Single-use recovery codes that can be stored securely for emergencies.
Note: SMS/text verification is not available
Q: What if a user loses access to their second factor (e.g. loses phone)?
A: Users can log in using their backup codes, or recover access via a verified recovery email.
If they’re still locked out, our support team can safely verify identity and restore access.
Q: Can we roll MFA out gradually?
A: No. MFA will be enabled voluntarily for all users to adopt. For schools participating in student financing integrations, all users will be required to enable MFA.
When MFA becomes mandatory across the platform, users who haven’t enabled it will be prompted to do so before accessing their account.
Q: What if I need help or run into issues?
A: Our team’s ready to help. We have detailed walkthroughs, troubleshooting steps, and 1:1 support if you need it.
Q: What’s the bigger picture?
A: MFA is part of a broader mission to protect the aviation training community.
As more systems connect — scheduling, billing, maintenance, and financing — one weak link can expose many.
Universal MFA ensures every school, student, and partner stays protected, compliant, and ready for what’s next.
Q: What will employees, students, CFIs see when MFA is enabled?
A: All users will be prompted to set up MFA. Users can immediately complete the setup process, ask to be reminded later, or decline to setup MFA at this time. Any users can return to set this up later by navigating to their username in the upper right corner, clicking ‘My FSP Account’, and then enabling MFA.
Q: When MFA becomes required, how will the experience change?
A: For schools that require MFA, either by choice or by participating in Student Financing integrations, MFA will be required to be enabled for all users. Users will have 30 days to enable and will no longer have the option to decline setup. Users can still choose an optimal time to go through the setup, so long as it is within the 30 day window. Upon conclusion of the 30 day window, users will be required to set up MFA before continuing to use FSP.
Q: What action is needed on my part, as the school administrator?
A: Nothing. MFA is something that individuals can opt into, and no action is needed on your part other than awareness, and of course encouragement to your students and employees to make their account more secure. As a school administrator, if you want to enforce MFA policy at your school, please contact your Customer Success representative who can assist in making it required for your school.