Multi-Factor Authentication Policy
- Organization: Sierra Digital Forge LLC
- Product covered: Mia Budget Buddy (Android mobile application)
- Effective date: May 14, 2026
- Last reviewed: May 14, 2026
- Document owner: Ronald Warren, Managing Member
- Version: 1.0
- Related policies: Information Security Policy v1.0, Access Controls Policy v1.0
1. Purpose
This Multi-Factor Authentication Policy (“Policy”) defines how Sierra Digital Forge LLC (“Sierra Digital Forge”) authenticates users — both internal personnel and end consumers of Mia Budget Buddy — before granting access to systems and actions that involve sensitive data, financial integrations, or production assets.
The Policy operationalizes the authentication requirements summarized in Section 6 of the Sierra Digital Forge Access Controls Policy and Section 5 of the Sierra Digital Forge Information Security Policy. It adds the procedural depth needed to address consumer-side authentication requirements that arise from Sierra Digital Forge’s integration with financial-data partners, including Plaid Inc.
Objectives:
- To require multi-factor authentication on every Sierra Digital Forge personnel account that touches production-relevant systems or data.
- To require multi-factor authentication for consumer users of Mia Budget Buddy before any sensitive action is performed within the application, including (without limitation) the launch of the Plaid Link surface.
- To define what constitutes a “factor” in Sierra Digital Forge’s authentication model.
- To document the identity-provider and biometric-authentication choices Sierra Digital Forge has made, and the reasoning behind those choices.
- To declare the relationship between MFA implementation status and Sierra Digital Forge’s request for production-tier access at financial-data partners.
2. Scope
This Policy applies to:
- All Sierra Digital Forge personnel accounts on services that hold or control production-relevant data, code, or credentials. See Sections 5.1 and 6 of the Sierra Digital Forge Access Controls Policy for the enumerated list of in-scope accounts.
- All consumer-user authentication paths inside the Mia Budget Buddy mobile application, including the initial sign-in path, the session-continuation path on subsequent app launches, and the step-up authentication path before sensitive actions.
- All third-party authentication providers Sierra Digital Forge has integrated with to fulfill this Policy.
This Policy does NOT cover:
- Subprocessor-internal authentication for their own employees and infrastructure. Each subprocessor maintains its own MFA posture.
- Authentication inside Plaid Link itself. Plaid Link presents the bank’s authentication user interface directly to the user; Sierra Digital Forge does not intercept, modify, or weaken bank-side authentication.
- Device-level authentication that the user has configured on their own Android device (lock screen, biometric enrollment), which Sierra Digital Forge does not control. Sierra Digital Forge does, however, leverage these device-level capabilities to implement application-level MFA, as described in Section 8.
3. Definitions
| Term | Definition |
|---|---|
| Factor | A piece of evidence a user provides to authenticate. The three classical factor categories are knowledge (something the user knows, e.g., a password or PIN), possession (something the user has, e.g., a phone holding a TOTP app or a hardware key), and inherence (something the user is, e.g., a fingerprint or face). |
| Multi-factor authentication (MFA) | Authentication that requires at least two factors drawn from at least two different categories. A password plus an SMS code is MFA; two passwords are not. |
| Two-factor authentication (2FA) | A specific instance of MFA using exactly two factors. The terms are used interchangeably in this Policy. |
| Step-up authentication | An additional authentication challenge prompted before a sensitive action, even when the user is already authenticated for normal app use. The challenge typically requires a possession or inherence factor. |
| Federated authentication | Authentication delegated to a trusted external identity provider (e.g., Google) that authenticates the user on Sierra Digital Forge’s behalf and returns a verified identity assertion. |
| Biometric authentication | Authentication using a biological or behavioral characteristic of the user. In the Mia Budget Buddy context, this means the Android system’s biometric subsystem (fingerprint or face) as exposed through androidx.biometric.BiometricPrompt. |
| Sensitive action | An in-application action that requires step-up authentication regardless of session state. Enumerated in Section 6.3. |
4. Roles & Responsibilities
Sierra Digital Forge is a single-member limited liability company. All Policy roles are currently vested in the Managing Member.
| Role | Holder | Responsibility |
|---|---|---|
| Policy owner | Ronald Warren, Managing Member | Approves and maintains this Policy; signs off on identity-provider choices; defines the list of sensitive actions in Section 6.3. |
| Implementation lead | Ronald Warren, Managing Member | Implements and verifies the MFA controls described in this Policy in the Mia Budget Buddy application. |
| Operations | Ronald Warren, Managing Member | Maintains the personnel-side MFA posture (enabling 2FA on new accounts, rotating recovery codes, etc.). |
5. MFA for Sierra Digital Forge Personnel
Sierra Digital Forge personnel-side multi-factor authentication is operational today. Two-factor authentication is enforced on every account that meets any of the criteria in Section 6.1 of the Sierra Digital Forge Access Controls Policy, including (without limitation):
- Plaid Developer Dashboard
- Google Cloud Console (Gemini API project)
- ElevenLabs administrative dashboard
- Google Play Console
- Private GitHub repository hosting Mia Budget Buddy source code
- Personal password manager that stores administrative credentials
- Developer workstation operating-system account
The password manager that holds these credentials requires its own strong master password plus 2FA. No production-relevant account is exempt from 2FA. No shared administrative accounts are used.
Detailed account-management and credential-storage requirements are documented in Sections 5, 6, and 14 of the Sierra Digital Forge Access Controls Policy.
6. MFA for Consumer Users
This Section describes Sierra Digital Forge’s multi-factor authentication model for consumer users of Mia Budget Buddy. Section 10 describes the current implementation status and the timeline by which the model is to be fully operational.
6.1 Primary authentication
The primary authentication path uses federated authentication via Google Sign-In. Sierra Digital Forge has selected this approach for the following reasons:
- Every Mia Budget Buddy user already has a Google account, because the application is distributed exclusively through the Google Play Store and requires an Android device.
- Google enforces account-level multi-factor authentication on its own identity tier, which means a user who has 2FA enabled on their Google account brings that 2FA into the Mia Budget Buddy authentication path automatically.
- Google Sign-In returns a verified identity assertion that Sierra Digital Forge can rely on without storing or comparing the user’s password.
- Sierra Digital Forge never sees or stores user passwords under this model.
On first launch of Mia Budget Buddy, the user is prompted to sign in with Google. The resulting identity is persisted via the UserIdentityStore interface (Phase 0 stub in place today; production wiring tracked in Section 10) so that subsequent app launches resume the user’s session without requiring a fresh sign-in.
6.2 Step-up authentication before sensitive actions
Authentication once at sign-in is insufficient for sensitive actions inside the application. Sierra Digital Forge requires step-up authentication before any sensitive action defined in Section 6.3. The step-up factor is a biometric authentication via the AndroidX BiometricPrompt API, with automatic fall-through to the device’s PIN, pattern, or password when biometric is not enrolled.
The combination of:
- Federated primary authentication at Google’s identity tier (where the user’s Google-account 2FA is enforced), plus
- Biometric or device-PIN step-up authentication immediately before any sensitive action
constitutes Sierra Digital Forge’s MFA model for consumer users. The two factors satisfy the multi-factor requirement because they come from different categories (possession of the Google account device + inherence via biometric, or knowledge via device PIN).
6.3 Defined sensitive actions
The following in-application actions require step-up authentication. The list is canonical and is maintained by the Managing Member. The list will be extended as Mia Budget Buddy adds new features that touch sensitive data or initiate sensitive integrations.
| Sensitive action | Why step-up is required |
|---|---|
| Launching Plaid Link | Plaid Link issues a long-lived access token tied to the user’s bank. The step-up confirms the person initiating the link is the device’s authorized user. |
| Revoking or relinking a Plaid bank connection | Equivalent sensitivity to initial link. |
| Initiating Delete Account & Wipe Data | Action is irreversible; permanently destroys all on-device data. |
| Revealing full bank account or routing numbers, if such a feature is added | The full account number is sensitive even when the rest of the account record is visible. (Not implemented today; listed for completeness.) |
| Exporting receipts, transactions, or other financial data outside the application | Once exported, the data leaves the app sandbox. (Future feature; listed for completeness.) |
Routine, non-sensitive actions (viewing balances, browsing transactions, adding manual list items, taking a receipt photo, asking Mia for help) do NOT require step-up authentication. Requiring step-up for every interaction would degrade the user experience without proportionate security benefit.
7. Identity Provider Selection
Sierra Digital Forge has evaluated identity-provider options and selected Google Sign-In as the primary federated authentication provider for Mia Budget Buddy. The evaluation considered:
| Provider | Suitability for Mia Budget Buddy |
|---|---|
| Google Sign-In | Selected. Android-platform native; every user already has a Google account; account-level 2FA enforced at the identity-provider tier; existing dependency in the Mia Budget Buddy codebase; no incremental subprocessor onboarding required. |
| Sign in with Apple | Not applicable on Android-only distribution. Could be revisited if Sierra Digital Forge releases an iOS application. |
| Firebase Auth (email + password + Firebase MFA enrollment) | More implementation work; requires Sierra Digital Forge to manage password storage and reset flows; weaker than federated provider for default user experience. Available as a fallback if Google Sign-In has to be disabled for any reason. |
| Custom email + password with SMS or TOTP MFA | Highest engineering cost; introduces Sierra Digital Forge as a custodian of user passwords; no offsetting benefit on a single-platform Android app. |
Sierra Digital Forge reserves the right to add additional providers (Sign in with Apple if releasing on iOS, Sign in with Microsoft for enterprise users, etc.) at a later date. Any added provider will be required to enforce its own account-level 2FA at the identity tier, or to be explicitly documented as a fallback that requires Sierra Digital Forge to implement separate MFA.
8. Biometric Authentication Standards
Step-up authentication uses the AndroidX BiometricPrompt API. Sierra Digital Forge’s implementation requirements are:
- Authenticator class. The prompt requires either BIOMETRIC_STRONG (Class 3 biometrics — fingerprint, face, iris on supported devices) or DEVICE_CREDENTIAL (the user’s device PIN, pattern, or password) as the fallback.
- No biometric data stored by Sierra Digital Forge. Biometric verification is performed entirely inside the Android Keystore and the device’s hardware-backed Trusted Execution Environment. Sierra Digital Forge does not receive, store, or transmit any biometric template, image, or feature vector. The BiometricPrompt returns a binary success/failure result; Sierra Digital Forge sees only that result.
- Fallback enrollment. When biometric hardware is not enrolled on the device, the prompt automatically falls back to device PIN, pattern, or password. The user is not required to enroll a biometric to use Mia Budget Buddy.
- Re-prompt on retry. If a biometric attempt fails, the user is re-prompted up to the system limit. After repeated failure, the prompt automatically falls back to device credential.
- No remember-me bypass for sensitive actions. Step-up authentication is required every time a sensitive action is initiated; there is no “remember this device for 30 days” affordance that would weaken the step-up.
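The sketch below shows one way the Section 8 requirements can be expressed with androidx.biometric (1.1.0 or later). It is an added example, not code from the Mia Budget Buddy codebase; StepUpGate, its parameter names, and the prompt strings are hypothetical.

```kotlin
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.fragment.app.FragmentActivity

// Hypothetical helper illustrating Section 8; not Sierra Digital Forge's code.
object StepUpGate {
    // Class 3 biometric, with device PIN/pattern/password as the fallback.
    private const val ALLOWED = BIOMETRIC_STRONG or DEVICE_CREDENTIAL

    // Deliberately stateless: no "last verified" timestamp or flag is kept,
    // so every sensitive action triggers a fresh prompt (no remember-me).
    fun run(
        activity: FragmentActivity,
        actionLabel: String,                      // e.g. "Link a bank account"
        onDenied: (reason: CharSequence) -> Unit,
        sensitiveAction: () -> Unit,
    ) {
        // Fail closed when the device can satisfy neither authenticator,
        // for example when no screen lock is configured at all.
        val status = BiometricManager.from(activity).canAuthenticate(ALLOWED)
        if (status != BiometricManager.BIOMETRIC_SUCCESS) {
            onDenied("Step-up unavailable (status $status)")
            return
        }

        val callback = object : BiometricPrompt.AuthenticationCallback() {
            override fun onAuthenticationSucceeded(
                result: BiometricPrompt.AuthenticationResult
            ) {
                // The app learns only that verification succeeded;
                // no biometric template or image is exposed here.
                sensitiveAction()
            }

            override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
                // Covers user cancel, lockout, and hardware errors: deny the action.
                onDenied(errString)
            }
            // onAuthenticationFailed() is not overridden: a non-matching attempt
            // leaves the system prompt open so the user can retry.
        }

        val promptInfo = BiometricPrompt.PromptInfo.Builder()
            .setTitle("Confirm it's you")
            .setSubtitle(actionLabel)
            // No negative button is set: it is not permitted when
            // DEVICE_CREDENTIAL is among the allowed authenticators.
            .setAllowedAuthenticators(ALLOWED)
            .setConfirmationRequired(true)
            .build()

        BiometricPrompt(activity, ContextCompat.getMainExecutor(activity), callback)
            .authenticate(promptInfo)
    }
}
```

The AndroidX documentation states that the BIOMETRIC_STRONG | DEVICE_CREDENTIAL combination is not supported on API levels 28 and 29, so an implementation needs a separate path or a minimum SDK decision for those devices.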
9. Session Management
9.1 Initial session
After a successful primary authentication via Google Sign-In, Sierra Digital Forge persists the user’s identity assertion locally so subsequent app launches do not require a fresh sign-in. The persisted identity record:
- Does not contain a password or any reusable credential.
- Is stored in encrypted-at-rest application storage (EncryptedSharedPreferences).
- Can be invalidated at any time by:
  - The user, by signing out from Settings.
  - The user, by initiating Delete Account & Wipe Data.
  - The Android system, when the user uninstalls Mia Budget Buddy.
9.2 Step-up sessions
Step-up authentication is not cached. Each invocation of a sensitive action prompts for biometric or device credential anew. There is no “step-up valid for the next 5 minutes” shortcut.
9.3 Session-end behaviors
- Sign-out clears the persisted identity record. The next launch requires a fresh Google Sign-In.
- Delete Account & Wipe Data clears the identity record together with all other user data, then closes the application.
10. Implementation Status and Roadmap
Sierra Digital Forge has made the following commitments regarding the implementation status of this Policy. This Section is updated as implementation milestones are reached.
10.1 Current state
As of the Effective Date of this Policy:
- Personnel-side MFA (Section 5). Operational. 2FA enforced on every in-scope account.
- Consumer primary authentication (Section 6.1). In active development. The MiaAuth interface and UserIdentityStore scaffolding are present in the Mia Budget Buddy codebase (Phase 0 stub). The Google Sign-In provider call is implemented at a structural level but not yet exposed to end users in a released build.
- Consumer step-up authentication (Section 6.2). In active development. The dependency on androidx.biometric will be added; the step-up gate will be wired around each action enumerated in Section 6.3.
10.2 Planned delivery
| Milestone | Target |
|---|---|
| Connect MiaAuth Phase 0 stub to Google Sign-In; require sign-in at first launch; persist identity | Before requesting production-tier access at Plaid |
| Add biometric / device-credential step-up gate before each Section 6.3 sensitive action | Before requesting production-tier access at Plaid |
| End-to-end on-device validation of the MFA model | Before requesting production-tier access at Plaid |
| Public release of the MFA-enabled build to the Google Play Store | Coincident with or before the production-tier request |
10.3 Production-tier gate
Sierra Digital Forge will not request production-tier access at Plaid (or at any other subprocessor whose terms require consumer MFA before sensitive integrations are surfaced) until the Section 10.2 milestones are complete and verified on device.
Development against the Plaid sandbox tier — which does not require consumer MFA — may proceed in parallel with MFA implementation.
11. Account Recovery
Account recovery for consumer users is handled at the identity-provider tier:
- A user who loses access to their Google account follows Google’s standard account-recovery process. Sierra Digital Forge does not maintain a separate password-reset mechanism, because Sierra Digital Forge does not hold the user’s password.
- A user who loses access to their device but retains their Google account can install Mia Budget Buddy on a new device and sign in fresh. Because Mia Budget Buddy stores user data on-device only, recovery to the new device starts with an empty state; the user re-links banks via Plaid Link as needed.
- A user who recovers their Google account after a compromise event should also revoke any bank links via the original Mia Budget Buddy installation (if accessible) or via the Plaid Portal directly. Sierra Digital Forge’s in-app Plaid disconnect affordance is sufficient for the first path; for the second, Sierra Digital Forge directs the user to the Plaid Portal.
For personnel account recovery, see Section 12 of the Sierra Digital Forge Access Controls Policy.
12. Logging & Audit
12.1 Personnel authentication
Subprocessor dashboards and the developer workstation generate their own authentication logs on the vendor or operating-system side. Sierra Digital Forge does not aggregate these logs centrally because they are accessible directly from each respective console when needed for an investigation.
12.2 Consumer authentication
The Mia Budget Buddy application logs the following events to local Android logcat during development. None of these events are transmitted off-device in production builds.
- Sign-in attempted (success / failure).
- Sign-out invoked.
- Step-up authentication prompted (success / failure / cancelled).
- Sensitive action initiated.
The logged events do not include the user’s identity, biometric data, or any credential material. They record only the event type and timestamp for purposes of on-device diagnostics.
13. Exception Process
If an operational situation appears to require a deviation from this Policy (for example, a temporary disablement of step-up authentication during a debugging session), the exception is handled per Section 15 of the Sierra Digital Forge Access Controls Policy: documented in writing in advance, approved by the Managing Member, logged with start and end timestamps, and closed promptly when the underlying need ends.
No exception has been issued since the Effective Date of this Policy.
14. Policy Review
This Policy is reviewed in full at least once per calendar year by the Managing Member. The annual review considers:
- Whether the identity-provider selection in Section 7 is still appropriate.
- Whether the list of sensitive actions in Section 6.3 reflects the current feature set of Mia Budget Buddy.
- Whether new authentication standards or vendor requirements have emerged that warrant a Policy update.
- Whether the implementation status in Section 10 should be advanced or revised.
The Policy is also reviewed promptly on the occurrence of any of the events listed in Section 14.2 of the Sierra Digital Forge Access Controls Policy.
15. Related Documents
- Sierra Digital Forge Information Security Policy (v1.0)
- Sierra Digital Forge Access Controls Policy (v1.0)
- Sierra Digital Forge Privacy Policy (published at the URL specified in the Google Play Console listing for Mia Budget Buddy)
- Plaid Developer Agreement and Acceptable Use Policy
16. Distribution & Contact
This Policy is made available to partners, vendors, and regulators on request.
Sierra Digital Forge LLC — primary contacts
| Channel | Detail |
|---|---|
| Mailing address | c/o Northwest Registered Agent LLC, 732 S. 6th St., Suite N, Las Vegas, NV 89101, USA |
| Executive email | ron@sierradigitalforge.com |
| Operations / security email | info@sierradigitalforge.com |
| Telephone (voice or text, mobile) | 702-469-7646 |
| Telephone (office) | 1-855-SIERRA (1-855-743-7772) |
| Website | www.sierradigitalforge.com |
17. Acknowledgment
I, Ronald Warren, in my capacity as Managing Member of Sierra Digital Forge LLC, attest that the personnel-side multi-factor authentication described in this Policy is operational as of the Effective Date, that the consumer-side multi-factor authentication described in this Policy is in active development with the delivery milestones recorded in Section 10, and that the production-tier gate in Section 10.3 will be honored. I commit to maintain, review, and update this Policy in accordance with the cadences specified herein.
Ronald Warren
Managing Member, Sierra Digital Forge LLC
Date: May 14, 2026