Home / / 2FA: Securing your account with two-factor authentication

2FA: Securing your account with two-factor authentication

What is two-factor authentication?

Two-factor authentication (2FA) is an important security method that can help protect you against password theft. When logging into an account, there are three types of authentication factors:

  • Something you know (such as a password)
  • Something you have (such as a security code or token)
  • Something you are (such as a fingerprint or facial recognition)

2FA requires two of these factors to log in, while a standard login process only requires one of these factors. In your email marketing account, users who set up 2FA receive a code on their phone that they must enter in order to log in. The code can either be generated by an authenticator app or sent via SMS.

We recommend using an authenticator app for 2FA, as they are more secure than SMS verification.

Authenticator apps

Authenticator apps are more secure than SMS, so that’s what we recommend. You can use any authenticator app that you’d like; the three most common ones are Duo Mobile, Google Authenticator, and Okta Verify.

Setting up 2FA with an app

  1. Click on the gear icon in the upper right corner.
  2. Select Profile from the dropdown menu.
  3. Click on the Security tab.
  4. Click on the Enable two-factor authentication button.
  5. In the pop-up window that appears, select Authentication app.
  6. On your phone, open your authenticator app. If this is your first time, you may need to take a minute to get set up.
  7. Follow the prompts to add a new account. Eventually, it will ask you to scan a QR code or enter a setup key.
  8. Return to your email marketing account. If you chose Enter a setup key, type the code at the bottom of the pop-up into your app. If you chose Scan a QR code, hold up your phone and align the box with the QR code on the screen.
    Set up 2FA via third-party authentication app pop-up screen. There is a blurred QR code in the center.
  9. A new entry will appear in your authenticator app with your username and a six-digit code. Type the code into the pop-up window in your email marketing account and click Verify code.
  10. Click Finish to complete the setup process.

The next time you log in, you will need both your password and the code from the authenticator app. Your authenticator app will regularly generate new codes, so you will use a different code each time you log in.

Setting up 2FA with SMS

  1. Click on the gear icon in the upper right corner.
  2. Select Profile from the dropdown menu.
  3. Click on the Security tab.
  4. Click on the Enable two-factor authentication button.
  5. In the pop-up window that appears, select Set up SMS login code instead.
  6. On the next screen, choose your country from the dropdown menu and enter your phone number. Then click on the Send verification code button.
  7. Open your phone and locate the SMS message with the verification code. Type the code into the pop-up window in your email marketing account and click Verify code.
  8. Click Finish to complete the setup process.

Next time you log in, you’ll receive an SMS message containing a new code. You will need both your password and that code to log in.

Frequently asked questions about 2FA

Can I disable 2FA?

Yes, you can remove 2FA in the Security tab, where you enabled it initially.

What if I lose my phone or access to the authenticator?

If you’ve lost your mobile phone, don’t have access to your authenticator, or can no longer access your account, you’ll need to reach out to your primary email marketing point of contact for help. Don’t forget to set up 2FA again once you regain access to your account!

What is the difference between 2FA and MFA?

2FA stands for two-factor authentication and MFA stands for multi-factor authentication. When logging in to an account, there are three different types of authentication factors:

  • Something you know (such as a password)
  • Something you have (such as a security code or token)
  • Something you are (such as a fingerprint or facial recognition)

2FA requires two of these factors in order to log in; MFA requires at least two factors but can require more. As a result, all 2FA is a type of MFA, but not all types of MFA are 2FA.

With security concerns on the rise, it is common for businesses to have a mandatory MFA protocol and we are no exception. We have implemented a one-time verification passcode security measure on all accounts. While we do not require 2FA at this time, it may be required in the future.

What is the difference between 2FA and the one-time verification code?

The one-time verification code (OTV) is similar to 2FA, but there are key differences. 2FA is currently optional, but OTV is not; we also cannot remove OTV from an account. Additionally, OTV codes are only required in specific circumstances, such as when logging in from a new location or IP address.

Do I have to set up 2FA for my username?

Two-factor authentication is not currently required, but it is strongly encouraged. 2FA is one of the best ways to protect your account. Without 2FA, logging in to your account requires only your username and password; if someone is able to guess or steal your username and password, there’s nothing stopping them from logging in to your account.

That’s where 2FA comes in. When you have 2FA set up, it becomes far more difficult for a bad actor to access your account because they won’t have the required 2FA code, even if they manage to get your username and password.

What if I use a shared account login?

It is not possible to use 2FA in conjunction with shared credentials. Each user should have their own, unique username and password. In addition to being an important security measure, individual credentials are required as part of our Services Agreement, which states that user login credentials cannot be shared.

If you’re currently using shared credentials, you should immediately add each authorized person as a user and then change your password.

I have 2FA set up, do I still have to go through the OTV process?

No, 2FA and SSO override the OTV requirement, since they are stronger forms of security. If you set up 2FA, you will no longer have to go through the OTV process.

What other steps can I take to secure my account?

Other best practices for account security include:

  • Use long, varied passwords or passphrases for all of your online accounts
  • Use a unique password for each site
  • Remove unnecessary or outdated users from your email marketing account
  • Set up 2FA for other sites whenever possible

It’s also important to pay attention to the emails that you receive. Phishing is an extremely common tool used to steal information. Before clicking on a link or attachment, take a moment to verify that the email is legitimate. For more information about identifying and avoiding phishing scams, check out this guide from the FTC.