Security is important, especially for systems that allow access to information about thousands of members. For organization administrators, particularly those with access to organization-wide member data, we strongly recommend enabling two-factor authentication.
With two-factor authentication (2FA), after entering your password you'll be asked to enter an authentication code that verifies that you have possession of your cellphone. 2FA therefore adds a second layer of account security because it combines something only you know (your password) with something only you have access to (your phone or a physical token). An attacker who guesses or steals your password would also need to steal your cellphone to gain access to the ControlShift tools.
We're using Authy to provide two-factor authentication to customers. Authy is a vendor that allows authentication either over SMS or through a native mobile application.
How do I enable 2FA?
To enable 2FA, log into your account and click the My Account link in the dropdown menu. Below the Change Password option, there will be a link to Enable Two Factor Authentication.
After clicking the link, you'll be asked for your mobile phone number. Choose your country code and then enter your number. Then click Enable.
If you're already using the Authy app, a new account will be created for ControlShift. If you're not already using the app, you can download it from the App Store or the Google Play Store. Once you have the app, enter the displayed code before it expires. If you'd prefer to receive codes by SMS, click the Request Auth Token SMS link and the code will be messaged to you.
Once you've entered the code, 2FA will be enabled for your account. Then, whenever you log into your account, you'll be asked for the authentication code, which you can get via the app or by SMS.
Once an admin has 2FA enabled, their member account listing will also reflect the new setting. You can see which admins have enabled 2FA by going to Manage > People > Admins. The admins using 2FA will have a checkmark in the second column.
If you need to disable 2FA, return to your account page (from the dropdown menu) and click Remove.
If you have any questions (or if you lose your phone and need assistance unlocking your account), send us a support email to firstname.lastname@example.org.