Two-factor authentication (2FA) works by requesting a further verification from the user once they have logged in with their username and password.
There are two ways to enable 2FA on your Dotdigital account:
TOTP (Time-based one-time password): This is the most secure option, and selected by default. The user must scan a QR code with the authenticator app on their mobile device to set this up, and then enter the password generated for them when they log in.
SMS: We send a verification SMS message on login to the mobile number stored against the user account in Dotdigital.
Before you start
Things you need to know:
You must be the account owner, or a user with the Can manage account permission enabled, to set up two-factor authentication for an account.
You can’t use two-factor authentication if you have single sign-on (SSO) enabled for your account.
Learn how to set up Single Sign-On (SSO) for your account.
Users who require access to an account with TOTP-type 2FA enabled must have an authenticator app, for example Microsoft Authenticator or Google Authenticator, installed on their mobile device.
How two-factor authentication works
Once two-factor authentication is enabled, we ask you to verify your login:
when you log in to your account from a device or a browser that has not been used before.
when you log in using a browser or device where cookies have been cleared since you last logged in.
if it has been more than 30 days since you last logged in.
We use a cookie to check whether you have previously logged in with the same device or browser. This cookie has an expiry period of 30 days, which is reset with each successful login.
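The trusted-device check described above, as an added example that is not Dotdigital's own code: a cookie minted after each successful login carries the user id and a 30-day expiry, protected by an HMAC so the browser cannot extend it, and the login flow challenges for a second factor whenever the cookie is absent (new device, or cookies cleared), belongs to a different user, fails verification, or has expired. The server key, user ids and timestamps are constructed values.

```python
"""Trusted-device cookie with a 30-day sliding expiry (added example, not Dotdigital code)."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

TRUST_DAYS = 30
TRUST_SECONDS = TRUST_DAYS * 24 * 60 * 60


def issue_device_cookie(server_key: bytes, user_id: str, now: int) -> str:
    """Mint the cookie after a successful login; re-minting resets the 30-day window.

    Value layout: urlsafe-base64(JSON payload) + '.' + hex HMAC-SHA256 tag.
    Without server_key the client cannot alter the expiry or the user id."""
    payload = {"uid": user_id, "device": secrets.token_hex(8), "exp": now + TRUST_SECONDS}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    tag = hmac.new(server_key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def needs_second_factor(server_key: bytes, user_id: str,
                        cookie: Optional[str], now: int) -> bool:
    """Return True when this login must be challenged for a second factor.

    Challenge when there is no cookie (unseen device/browser, or cookies cleared),
    when the tag does not verify (tampered), when the cookie was issued to another
    user, or when the 30-day period has elapsed."""
    if not cookie or "." not in cookie:
        return True
    body, tag = cookie.rsplit(".", 1)
    expected = hmac.new(server_key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return True
    try:
        payload = json.loads(base64.urlsafe_b64decode(body.encode()))
    except ValueError:  # bad base64 or malformed JSON
        return True
    return payload.get("uid") != user_id or now >= payload.get("exp", 0)


def login(server_key: bytes, user_id: str, cookie: Optional[str], now: int,
          second_factor_passed: bool) -> tuple:
    """Decide the outcome of a password login and return (status, cookie_to_set).

    'challenge' means the second factor is still required; 'ok' means the user is in
    and a fresh cookie (renewed 30-day window) should be set on the browser."""
    if needs_second_factor(server_key, user_id, cookie, now) and not second_factor_passed:
        return "challenge", None
    return "ok", issue_device_cookie(server_key, user_id, now)


if __name__ == "__main__":
    key = secrets.token_bytes(32)      # constructed server-side signing key
    t0 = 1_700_000_000                 # constructed Unix timestamp
    status, cookie = login(key, "user-1", None, t0, second_factor_passed=False)
    print("first login:", status)      # challenge
    status, cookie = login(key, "user-1", None, t0, second_factor_passed=True)
    print("after 2FA:", status)        # ok, cookie issued
    print("day 10:", login(key, "user-1", cookie, t0 + 10 * 86400, False)[0])   # ok
    print("day 31:", login(key, "user-1", cookie, t0 + 31 * 86400, False)[0])   # challenge
```

Because the expiry lives inside the signed payload rather than in the cookie's own max-age, a client that keeps an expired cookie around still gets challenged, and deleting the cookie (clearing browser data) simply falls back to the challenge path.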
After you enter your username and password on the login page, depending on the method of 2FA your account has enabled, we either:
send you a text message containing a unique one-time authentication passcode. You must then enter the passcode to verify your identity.
prompt you to scan a QR code with the authenticator app on your mobile device to generate a one-time password which you enter to verify your identity.
On subsequent logins, you are sent the code automatically without needing to re-scan a QR code.
Set up two-factor authentication
Expand the User menu and select Settings.
Go to General > Account settings.
Under the heading Security, select the Two-factor authentication checkbox.
Expand the drop-down menu and choose from:
SMS
Some additional setup is needed. Go to the section SMS authentication.
TOTP
Select SAVE SETTINGS.
SMS authentication
A window opens and you are prompted to enter a mobile number for any account users who do not currently have one stored against their profile.
This is because two-factor authentication is activated at account level, so all users of the account need to be able to receive SMS verification messages.
If all account users already have a mobile number associated with them, then you instead see the Authentication mobile number field to allow you to confirm or update your own mobile number.
Select [Add mobile number] and enter a mobile number for a user, then select SAVE.
If you want to, you can select Send an SMS test to send a test message to your own mobile number once you have entered it.
Once you have added mobile numbers for all requested users, select CONTINUE.
Select SAVE SETTINGS.
Add or edit a mobile number on your user profile
If you are a user on an account with SMS-based two-factor authentication enabled, you must ensure that you keep a valid mobile number on your profile so that you are able to verify your login when requested.
User mobile numbers
After SMS-based two-factor authentication has been set up on an account, the account owner is not able to edit or add mobile numbers for other account users. Only the user themselves can edit their user profile.
If a user removes or fails to update their mobile number and therefore cannot access the account, they must contact the support team to restore their access.
To add or edit a mobile number for your user profile:
Expand the User menu and select Your profile.
Select the edit icon.
Enter the mobile number that you want us to send your passcodes to.
Select SAVE.
Turn off two-factor authentication
To ensure the security of your account, if you want to turn off two-factor authentication, you must contact the support team.
Log in using two-factor authentication
If you meet the criteria for a two-factor authentication challenge, then the login process looks like this:
Go to the login page.
Enter your email address and password, then select LOG IN.
Verify your login:
SMS-based 2FA
We send an authentication passcode to your registered mobile phone number. In the Verification code box, enter your unique authentication passcode, then select VERIFY LOGIN.
TOTP-based 2FA
If it’s the first time you have logged in using TOTP-based authentication, you see a verification screen with a QR code and a request for a six-digit one-time password. Open the authenticator app on your mobile device and scan the QR code. Once your app has provided it, enter the password on the verification screen, and select VALIDATE.
On subsequent log-in attempts requiring you to verify, you just need to enter the password generated in your authenticator app.
Provided the verification code you have entered is correct, you are logged in to Dotdigital.
Not receiving the verification SMS
If you don't receive your verification SMS, try restarting your device. This can prompt the message to be delivered to you. If that doesn't work, you can contact our Support team for further help.
Reset two-factor authentication for a user
If a user needs to reset their 2FA, you can do this by editing their user profile.
Expand the User menu and go to Settings > Users and teams > Users.
Select the user you want to reset 2FA for.
For Authentication method, select RESET.
Select SAVE.
Once 2FA has been reset, the user must re-verify on their next login by scanning the QR code generated by Dotdigital.