Two-factor authentication works by sending a verification SMS message on login to the mobile number stored against the user account in Dotdigital.
Before you start
Things you need to know:
You must be the account owner to set up two-factor authentication for an account.
You can’t use two-factor authentication SMS codes if you have single sign-on (SSO) enabled for your account.
How two-factor authentication works
Once two-factor authentication is enabled, we ask you to verify your log in:
when you log in to your account from a device or a browser that has not been used before.
when you log in using a browser or device where cookies have been cleared since you last logged in.
if it has been more than 30 days since you last logged in.
We use a cookie to check whether you have previously logged in with the same device or browser. This cookie has an expiry period of 30 days, which is reset with each successful login.
After you enter your username and password on the login page, we send you a text message containing a unique one-time authentication passcode. You must then enter the passcode to verify your identity.
Set up two-factor authentication
To set up two-factor authentication on your account:
Expand the User menu and select Settings.
Go to General > Account settings.
Under the heading Security, select the Two-factor authentication checkbox.
A window opens and you are prompted to enter a mobile number for any account users who do not currently have one stored against their profile. This is because two-factor authentication is activated at account level, so all users of the account need to be able to receive SMS verification messages.
If all account users already have a mobile number associated with them, then you instead see the Authentication mobile number field to allow you to confirm or update your own mobile number.
Select [Add mobile number] and enter a mobile number for a user, then select SAVE.
If you want to, you can select Send an SMS test to send a test message to your own mobile number once you have entered it.
Once you have added mobile numbers for all requested users, select CONTINUE.
Select SAVE SETTINGS.
Add or edit a mobile number on your user profile
If you are a user on an account with two-factor authentication enabled, you must ensure that you keep a valid mobile number on your profile so that you are able to verify your login when requested.
User mobile numbers
Once two-factor authentication has been set up on an account, the account owner is not able to edit or add mobile numbers for other account users. Only the user themselves can edit their user profile. If a user removes or fails to update their mobile number and therefore cannot access the account, they need to contact the support team to restore their access.
To add or edit a mobile number for your user profile:
Expand the User menu and select Your profile.
Select the edit icon.
Enter the mobile number that you want us to send your passcodes to.
Turn off two-factor authentication
To ensure the security of your account, if you want to turn off two-factor authentication, you must contact the support team.
Log in using two-factor authentication
If you meet the criteria for a two-factor authentication challenge, then the login process looks like this:
Go to the login page.
Enter your email address and password, then select LOG IN.
Once you've successfully entered your details, we send an authentication passcode to your registered mobile phone number. In the Verification code box, enter your unique authentication passcode, then select VERIFY LOGIN.