Security is important, especially for systems that allow access to information about thousands of members.
We've introduced optional two-factor authentication (2FA) support for user accounts that have access to organization-wide data as an enhanced security option. Two-factor authentication is more secure because it combines something only you know (your password) with something only you have (your phone or a physical token). An attacker who guesses or steals your password would also need to steal your cellphone to gain access to the ControlShift tools.
We're using Authy, a vendor that allows authentication either over SMS or through a native mobile application, to provide two-factor authentication to customers.
With 2FA, after entering your password you'll be asked to enter an authentication code that verifies that you have possession of your cellphone in addition to knowing the correct user account password.
To enable two-factor authentication, log into your account and click the "my account" link in the dropdown menu. Beneath the change password option, there will be a link to "Enable Two Factor Authentication."
After clicking the link, you'll be asked for your mobile phone number. Choose your country code and then enter your number. Then click to enable.
If you're already using the Authy app, a new account will be created for ControlShift. If you're not already using the app, you can download it from the App Store, the Google Play Store, or add it to Google Chrome. Once you have the app, enter the displayed code before it expires. If you'd prefer to receive codes by SMS, click the "Request Auth Token SMS" link.
Once you've entered the code, 2FA will be enabled for your account. Then, whenever you log into your account, you'll be asked for an authentication code, which you can get via the app or by SMS.
Once an admin has 2FA enabled, their member account listing will also display the new setting. You can see which admins have enabled 2FA by going to "Members" under "Manage" and clicking "Admins." Those admins that have 2FA will have a checkmark in the second column.
If you need to disable 2FA, return to your account page (from the dropdown menu) and click "remove."
If you have any questions (or if you lose your phone and need assistance unlocking your account), send us a support email at email@example.com.