Two-Factor Authentication

Two-Factor Authentication


What is two-factor authentication?

Two-Factor Authentication (2FA) is an additional layer of security on your Customer.io account. When 2FA is enabled for your account, an extra step is added to the login process. You'll be required to enter a code from an external authentication app in addition to your password.

Why do you need it?

Enabling 2FA means that even if your regular password is ever compromised or stolen, only you can log into your account, because only you have the authentication code.

We highly recommend requiring 2FA for all team members on your Customer.io account.

How to require 2FA for all team members

Only admins can set a Customer.io account to require 2FA for all team members. If you're an admin, simply visit your team settings and click "Require 2FA" at the top of the page.

image
You must enable two-factor authentication on your personal account before you can require it for all team members. Follow the instructions below to enable 2FA on your account.

Heads up! Any team members actively using Customer.io who have not setup 2FA will be redirected to set it up, as shown below. They will not be able to continue using Customer.io until they do.

image

How to set up 2FA

Install an authentication app

First, make sure you have a two-factor authentication app installed. We support anything that uses Time-Based One Time Passwords (TOPT). Some well known examples are:

Visit your account settings

Go to your Personal Settings in Customer.io.

Personal settings

You will see here that 2FA is disabled.

image.png

Click Manage 2FA to start the process, and have your authentication app at the ready.

Two-factor Authentication disabled

Download your recovery codes (and keep them safe)!

At the beginning of the process, you’ll get ten recovery codes. Download, print or copy these and don't lose them! You’ll need them to regain account access if you ever lose access to your device. Once you've done this, press "Next".

Download recovery codes

Scan the QR code, and enter your authentication code

You will then see a QR code; scan it with your app, and enter the authentication code in the input box. You can also enter this code into your app manually.

Success!

Two factor enabled

That’s it! Two-factor authentication is set up. If you return to this page in the future, you can view your backup codes or generate new ones— just remember to get rid of the old codes if you do the latter.

Frequently asked questions

Can I enable two-factor authentication for the rest of the users in my account?

If you are an admin on your account, you can see which team members in your account have 2FA enabled or disabled, but it's not currently possible to enable or disable 2FA for each team member.

I lost my device/I'm locked out! What do I do?

No problem! We've got a few options to get you back in:

1. Use a recovery code

Grab your backup codes from wherever you've saved or printed them, and use one of those at this login screen instead of your authentication code:

Two-Factor Authentication code

Note that once you use a code, you can't use it again.

2. Have a team member remove and re-add you

If you have other team members with admin privileges, have one of them remove your account and re-add you on the Team Members page.

You'll have to re-set a password and set up two-factor authentication again, but you'll regain access. Team member accounts have no account data associated so it's completely safe to be completely removed and re-added.

3. Contact us

If you have no backup codes and no other team members, you'll have to contact our support team and we’ll have to verify your account details and identity. This option may take a little longer, but accounts contain sensitive information and we want to keep someone who may be impersonating you from gaining access.

Was this article helpful?