/mfa-guides

How to enable 2FA/MFA on a CDK Drive account?

Learn how to enable 2FA/MFA on your CDK Drive account to boost security and protect dealership data with this easy step-by-step guide.

Guide

How to enable 2FA/MFA on a CDK Drive account?

How to Enable 2FA/MFA on Your CDK Drive Account: A Step-by-Step Guide

Enabling Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) on your CDK Drive account is one of the best ways to protect your dealership’s sensitive data. 2FA/MFA adds an extra layer of security by requiring not just your password, but also a second verification step—like a code from your phone. Here’s how to do it, explained in simple terms:

Understand What 2FA/MFA Means: 2FA (Two-Factor Authentication) and MFA (Multi-Factor Authentication) are security methods that require you to provide two or more pieces of evidence (factors) to log in. Usually, this means something you know (your password) and something you have (like a code sent to your phone).
Log In to Your CDK Drive Account: Go to the CDK Drive login page and enter your username and password as usual. If you don’t know your login details, contact your dealership’s IT administrator or support team.
Access Security Settings: Once logged in, look for your account or profile settings. This is often found by clicking your name or a gear icon in the top right corner. Find the section labeled “Security,” “Account Security,” or “Login Settings.”
Find the 2FA/MFA Option: In the security settings, look for an option that says “Enable Two-Factor Authentication,” “Enable Multi-Factor Authentication,” or something similar. If you don’t see it, your dealership may need to enable this feature first. If you need help, reach out to a consulting firm like OCD Tech for readiness assessment and support.
Choose Your Authentication Method: CDK Drive may offer several options for the second factor, such as:
- Text message (SMS) codes sent to your phone
- Authenticator apps (like Google Authenticator or Microsoft Authenticator)
- Email codes
Select the method you prefer and follow the on-screen instructions.
Set Up the Second Factor: If you choose an authenticator app, you’ll usually scan a QR code with your phone. If you choose SMS or email, you’ll receive a code to enter on the website. This step links your phone or email to your CDK Drive account.
Confirm and Save: After entering the code, confirm your setup. CDK Drive may ask you to test the new login process by logging out and back in. Make sure you save any backup codes provided—these can help you get back into your account if you lose access to your phone.
Regularly Review Your Security: Periodically check your security settings to ensure your 2FA/MFA is still active and your contact information is up to date. If you have questions or need a security assessment, OCD Tech can help your dealership stay protected.

Enabling 2FA/MFA on your CDK Drive account is a simple but powerful way to prevent unauthorized access and protect your dealership’s data. If you run into any issues or want expert guidance, don’t hesitate to contact OCD Tech for consulting and readiness assessment services.

Best Practices

Best Practices and Tips for Securing Your CDK Drive Account

Securing your CDK Drive account is essential to protect your personal and vehicle information from unauthorized access and potential cyber threats. Implementing the following best practices will help ensure your account remains safe and your data secure:

Create a strong, unique password - Use a password with at least 12 characters, combining uppercase and lowercase letters, numbers, and special characters. Avoid easily guessable information such as names or birthdates.
Enable two-factor authentication (2FA) - Add an extra layer of security by requiring a second form of verification when logging in, such as a code sent to your mobile device.
Be cautious with email and SMS communications - Watch out for phishing attempts pretending to be from CDK Drive. Always verify the sender’s authenticity before clicking links or providing personal information.
Regularly monitor account activity - Check your CDK Drive account for any unusual login attempts or changes. Report suspicious activity to CDK Drive support immediately.
Use secure internet connections - Avoid accessing your account over public Wi-Fi networks. If necessary, use a trusted VPN to protect your data from interception.
Keep your devices updated - Ensure your computer and mobile devices have the latest security patches and antivirus software installed to prevent malware infections.
Log out after each session - Always sign out of your CDK Drive account when finished, especially on shared or public devices, to prevent unauthorized access.
Limit account permissions - Only grant necessary access rights within your CDK Drive account to reduce potential security risks.
Use a password manager - Consider using a reputable password manager to generate and store complex passwords securely, reducing the risk of password reuse or loss.
Be mindful of third-party integrations - Only connect your CDK Drive account with trusted services and review permissions regularly to avoid exposing your data to unnecessary risks.

If you suspect your CDK Drive account has been compromised, change your password immediately and contact CDK Drive support for assistance. Maintaining vigilance and following these security tips will help protect your account and the valuable information it contains.

Frequently asked questions

What services does OCD Tech provide?

OCD Tech offers a comprehensive suite of cybersecurity and IT assurance services, including SOC 2/3 and SOC for Cybersecurity reporting, IT vulnerability and penetration testing, privileged access management, social engineering assessments, virtual CISO (vCISO) support, IT general controls audits, WISP development, and compliance assistance for frameworks like CMMC, DFARS, and FTC Safeguards.

Which industries does OCD Tech serve?

OCD Tech specializes in serving highly regulated sectors such as financial services, government, higher education, auto dealerships, enterprise organizations, and not-for-profits throughout New England.

How long does an IT security assessment take?

Typically, OCD Tech’s on-site work spans 1–2 days, depending on complexity and number of sites, followed by 1–2 weeks of analysis and reporting to deliver clear, actionable recommendations.

Why should I get SOC 2 compliant?

SOC 2 reporting demonstrates to clients and prospects that an organization follows best-in-class controls over security, availability, processing integrity, confidentiality, and privacy—boosting trust, meeting RFP/due diligence requirements, and helping secure contracts. OCD Tech helps organizations achieve and maintain this compliance.

Can OCD Tech help me with federal cybersecurity regulations?

Yes—OCD Tech provides guidance for compliance with DFARS (NIST 800‑171), CMMC (Levels 1–3), and FTC Safeguards, ensuring organizations meet specific government or industry-based cybersecurity mandates.

What is a virtual CISO (vCISO), and do I need one?

A virtual CISO delivers strategic, executive-level cybersecurity leadership as a service. OCD Tech’s vCISO service is ideal for organizations lacking a full-time CISO and helps build programs, define policy, oversee risk, and guide security maturity.

Does OCD Tech offer ongoing security training or audits for staff?

Absolutely. OCD Tech provides tailored internal IT Audit training and security awareness sessions, plus annual reviews of Written Information Security Programs (WISP), such as Massachusetts 201 CMR 17 and other state or industry-specific controls.

Audit. Security. Assurance.

IT Audit | Cybersecurity | IT Assurance | IT Security Consultants – OCD Tech is a technology consulting firm serving the IT security and consulting needs of businesses in Boston (MA), Braintree (MA) and across New England. We primarily serve Fortune 500 companies including auto dealers, financial institutions, higher education, government contractors, and not-for-profit organizations with SOC 2 reporting, CMMC readiness, IT Security Audits, Penetration Testing and Vulnerability Assessments. We also provide dark web monitoring, DFARS compliance, and IT general controls review.

Contact Info