Secure Your AfterShip Account With Two-Factor Authentication (2FA)

Overview



Two-factor authentication adds an extra layer of security to your account and offers a more secure login process. AfterShip offers support for 2FA both on the Account (individual) and Organization (requiring all members associated with an organization to enable 2FA) levels.

There are two ways to enable 2FA for your AfterShip account:

Authenticator app
Backup codes

Two-factor authentication: Account settings



1. Enable two-factor authentication


Click your Username or Account picture in the AfterShip admin
Click Manage account > Security
Click Enable two-factor authentication under the Two-factor authentication section



Enter the verification code sent to your email to verify your email address
Install an authenticator app (download the free Google Authenticator app)
Scan the QR code using your authenticator app to set up your account
Enter the six-digit code generated by your authenticator app, and then click Enable



Once 2FA is enabled for your account, you will be asked to enter the 6-digit code generated in your authenticator app next time you log in.

Save your backup codes: You will be provided with 12 one-time-use backup codes once you enable your 2FA. These codes can be used in case you lose your device or can’t receive codes in your authenticator app. Save them somewhere safe.



2. Disable two-factor authentication


If you don’t want 2FA enabled for your account every time you log in, you can disable it.



Click Disable two-factor authentication
Enter the 6-digit code generated in your authenticator app to disable two-factor authentication. Click Verify code



If you can’t receive your 6-digit code or cannot access your authenticator app, click on the blue alert below the code field



On a new popup, enter your first backup code out of the 12 codes you were provided when you first enabled the 2FA
Click Verify code to disable two-factor authentication

3. Reset two-factor authentication


If you lose or change your 2FA device or are otherwise unable to access your authentication app, you can reset two-factor authentication.



Click Reset two-factor authentication
Enter the verification code sent to your email to verify your email address
Enter the six-digit code generated by your authenticator app, and then click Verify code



If you can’t receive your 6-digit code or cannot access your authenticator app, click on the blue alert below the code field



On a new popup, enter your first backup code out of the 12 codes you were provided when you first enabled the 2FA
Click Verify code to reset two-factor authentication

On a new popup, install an authenticator app (download the free Google Authenticator app)

Scan the QR code using your authenticator app to set up your account
Enter the six-digit code generated by your authenticator app, and then click Reset

Save your backup codes: You will be provided with 12 one-time-use backup codes once again when you reset your 2FA. These codes can be used in case you lose your device or can’t receive codes in your authenticator app. Save them somewhere safe.

4. Backup codes


Backup codes, as the name suggests, are recovery codes that you can use if you lose the device that holds your authenticator app or cannot receive codes in your authenticator app.

- 12 one-time-use codes are provided when you enable 2FA
- Each backup code is 12 characters long and cannot be used more than once
- Once all codes are used, it is important to generate a new set of 12 backup codes in case you need them in unforeseen situations

To generate new backup codes

Click your Username or Account picture in the AfterShip admin
Click Manage account > Security
Click Generate new backup codes



Enter the six-digit code generated by your authenticator app, and then click Verify code to replace your current backup codes with new ones.

If you can’t receive your 6-digit code or cannot access your authenticator app, click on the blue alert below the code field

On a new popup, enter your first backup code out of the 12 codes you were provided when you first enabled the 2FA and click Verify code
You will be provided with the new set of backup codes. You can copy the codes or download the .txt file

The old set of backup codes will become redundant as soon as new codes are generated.
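
The backup-code rules described in this section (12 codes per set, 12 characters each, single use, old set void once a new one is generated) can be modelled server-side as shown below. This is an added illustration, not AfterShip's code: the class name, the code alphabet and the salted-hash storage are assumptions.

```python
import hashlib
import hmac
import secrets

CODE_COUNT = 12    # codes per set, as stated on this page
CODE_LENGTH = 12   # characters per code, as stated on this page
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # assumed: no 0/O/1/I look-alikes


class BackupCodeStore:
    """Hypothetical server-side store for one account's backup codes."""

    def __init__(self):
        self._salt = b""
        self._unused = set()   # salted hashes of codes not yet redeemed

    def _digest(self, code):
        # Normalise user input, then store only a salted, stretched hash.
        normalized = code.strip().upper().encode()
        return hashlib.pbkdf2_hmac("sha256", normalized, self._salt, 50_000)

    def regenerate(self):
        """Issue a fresh set; the new salt and hashes void every old code."""
        self._salt = secrets.token_bytes(16)
        codes = ["".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
                 for _ in range(CODE_COUNT)]
        self._unused = {self._digest(c) for c in codes}
        return codes   # shown to the user once; plaintext is never kept

    def redeem(self, code):
        """Return True and consume the code if it is valid and unused."""
        candidate = self._digest(code)
        matched = None
        for stored in self._unused:
            # Constant-time comparison against every stored hash, no early exit.
            if hmac.compare_digest(stored, candidate):
                matched = stored
        if matched is None:
            return False
        self._unused.discard(matched)   # single use: a replay now fails
        return True

    def remaining(self):
        """Number of codes still redeemable in the current set."""
        return len(self._unused)
```

Because only hashes are stored, a lost code list cannot be shown again; the user has to generate a new set, which matches the regeneration flow above.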

Enforce two-factor authentication: Organization settings



You can require all the accounts associated with your organization to use two-factor authentication. Any member without two-factor authentication will be prompted to set it up.



To enable 2FA for all the members of your organization, go to Organization settings from your account settings
Navigate to Security
Shift the toggle to the right and click Enable to activate Require two-factor authentication for all members


Additional considerations


Only the admin and owner can enable 2FA for all the members in their organization
All the members of the organization, including newly added members, will be prompted to enable 2FA when they try to log in to their accounts once the admin/owner activates the 2FA
To avoid malicious users, 2FA is not available for users in the trial period
If a member has permissions in multiple organizations at the same time and one of those organizations enables 2FA (two-factor authentication), then 2FA verification will be required

Impact of organization settings on individual accounts



1. When two-factor authentication is enabled at the organization level

All the member accounts will receive an email notification to enable the 2FA



The members can proceed to enable 2FA from the email itself after logging into their account
The members will be taken to a new page to scan the QR code using their authenticator app to set up an account, or to input the given code into their authenticator app, to complete activation
The members will not get the option to Disable two-factor authentication in their Security settings and are required to keep it on at all times

2. When two-factor authentication is disabled at the organization level

The members can freely configure and enable 2FA at the account level
The members can disable 2FA at any point in their account
The members will be notified via email that they are no longer required to have 2FA enabled



In a multi-organization scenario, if one org has enabled 2FA, the rest of the organizations must follow the process

Remember device



When you first log in to your account after enabling 2FA, you will be asked if you want AfterShip to remember the device and trust it moving forward.



If you opt for Remember me, AfterShip will trust your device and will not ask for a 2FA code for the next 14 days. After the 14-day period, you will be asked to enter the 2FA code and verify yourself again
If you opt for Ask for 2FA every time, you need to enter the 2FA code every time you log in
If you change the device, you must go through the 2FA process and confirm whether to trust the new device.

Updated on: 06/08/2024
