Investor Services Security Update: Requiring 2FA in 2022

Starting in May 2022, we will require that all Carta accounts have two-factor authentication (2FA), also known as Multi-factor authentication (MFA) enabled. Investor Services customers should confirm all of their team members have personal accounts properly provisioned and secured with MFA/2FA as soon as possible. 


Why MFA/2FA?

MFA is the industry standard for software companies, like Carta, that store sensitive identity and financial information.

What does this mean for me? 

As we make this change, all accounts need to be associated with a single person’s name. 

If there are multiple people at your organization accessing Carta with the same email and password, you need to take action.  

If you’re not sure, click here for instructions on checking or updating the name on your account.

How can I create accounts for other individuals on my team?

You can add people on the people page of each account by following these steps.

If you are unsure about how to set up access for other members of your team, please reach out to our support team at investorservices@carta.com. 

Why can’t we use two-factor authentication with shared login credentials?

We cannot send MFA/2FA codes to multiple people at once. 

Critically: resetting MFA/2FA can only be done for a person’s individual account. If a team member needs to reset MFA/2FA without a backup code, they will need to get in touch with our team and present a photo ID that matches the name on the account. 

How do I get this process started? 

Our Investor Services support team is happy to help you with this process. Reach out to them directly at: investorservices@carta.com. 

Why is this being required?

A password on its own gives you poor protection from hackers. They can steal them from other insecure websites or via malware, and people often reuse the same password for many accounts or choose passwords that hackers can easily guess. Carta is adding this additional security to protect your account from social engineering, phishing, and other related attacks.

Thank you for being a Carta customer, and we look forward to answering any questions you might have about this change.