kbase · MrCreosote · Nov 18, 2025 · Nov 18, 2025
diff --git a/src/main/java/us/kbase/auth2/lib/token/MFAStatus.java b/src/main/java/us/kbase/auth2/lib/token/MFAStatus.java
@@ -7,21 +7,23 @@
 public enum MFAStatus {
 
 	/* first arg is ID, second arg is description. ID CANNOT change
-	 * since that field is stored in the DB.
+	 * since that field is stored in the DB. Description is exposed in the service API / UI.
+	 * This allows for changing the variable name or API name without breaking the database
+	 * records.
 	 */
 
 	/** User authenticated with MFA during token creation. */
-	USED			("Used", "MFA used"),
+	USED			("Used", "Used"),
 
 	/** User explicitly chose not to use MFA when available. */
-	NOT_USED		("NotUsed", "MFA not used"),
+	NOT_USED		("NotUsed", "NotUsed"),
 
 	/** MFA status catch all. Covers
 	 * - source did not provide enough information to determine MFA status
 	 * - source does not support MFA
 	 * - MFA is not applicable to the data (e.g. token types other than Login)
 	 */
-	UNKNOWN			("Unknown", "MFA status unknown");
+	UNKNOWN			("Unknown", "Unknown");
 
 	private static final Map<String, MFAStatus> STATUS_MAP = new HashMap<>();
 	static {

diff --git a/src/test/java/us/kbase/test/auth2/lib/token/MFAStatusTest.java b/src/test/java/us/kbase/test/auth2/lib/token/MFAStatusTest.java
@@ -19,11 +19,11 @@ public void testValues() {
 	@Test
 	public void testMFAStatusGetDescription() throws Exception {
 		assertThat("incorrect Used description", MFAStatus.USED.getDescription(),
-				is("MFA used"));
+				is("Used"));
 		assertThat("incorrect NotUsed description", MFAStatus.NOT_USED.getDescription(),
-				is("MFA not used"));
+				is("NotUsed"));
 		assertThat("incorrect Unknown description", MFAStatus.UNKNOWN.getDescription(),
-				is("MFA status unknown"));
+				is("Unknown"));
 	}
 
 	@Test