What is two-factor authentication?
Two-Factor Authentication (2FA) is an additional layer of security on your Customer.io account. When 2FA is enabled for your account, an extra step is added to the login process. You'll be required to enter a code from an external authentication app in addition to your password.
Why do you need it?
Enabling 2FA means that even if your regular password is ever compromised or stolen, only you can log into your account, because only you have the authentication code.
We highly recommend requiring 2FA for all team members on your Customer.io account.
How to require 2FA for all team members
Only admins can set a Customer.io account to require 2FA for all team members. If you're an admin, simply visit your security settings and click "Require 2FA" at the top of the page.
You must enable two-factor authentication on your personal account before you can require it for all team members. Follow the instructions below to enable 2FA on your account.
Heads up! Any team members actively using Customer.io who have not set up 2FA will be redirected to set it up. They will not be able to continue using Customer.io until they do.
How to set up 2FA
Install an authentication app
First, make sure you have a two-factor authentication app installed. We support anything that uses Time-Based One-Time Passwords (TOTP). Some well-known examples are:
- iOS: Google Authenticator, Microsoft Authenticator, Authy, Duo Mobile, and 1Password
- Android: Google Authenticator, Microsoft Authenticator, Authy, Duo Mobile, and 1Password
- Windows Phone: Microsoft Authenticator, Duo Mobile
- Desktop: 1Password, Authy (Chrome ext.)
Visit your account settings
Go to your Personal Settings in Customer.io.
You will see here that 2FA is disabled.
Click Manage 2FA to start the process, and have your authentication app at the ready.
Download your recovery codes (and keep them safe)!
At the beginning of the process, you’ll get ten recovery codes. Download, print or copy these and don't lose them! You’ll need them to regain account access if you ever lose access to your device. Once you've done this, press "Next".
Scan the QR code, and enter your authentication code
You will then see a QR code; scan it with your app, and enter the authentication code in the input box. You can also enter this code into your app manually.
That’s it! Two-factor authentication is set up. If you return to this page in the future, you can view your backup codes or generate new ones. Just remember to get rid of the old codes if you generate new ones.
Frequently asked questions
Can I enable two-factor authentication for the rest of the users in my account?
If you are an admin on your account, you can see which team members in your account have 2FA enabled or disabled, but it's not currently possible to enable or disable 2FA for each team member.
I lost my device/I'm locked out! What do I do?
No problem! We've got a few options to get you back in:
1. Use a recovery code
Grab your backup codes from wherever you've saved or printed them, and use one of those at the login screen instead of your authentication code.
Note that once you use a code, you can't use it again.
2. Have a team member remove and re-add you
If you have other team members with admin privileges, have one of them remove your account and re-add you on the Team Members page.
You'll have to reset your password and set up two-factor authentication again, but you'll regain access. Team member accounts have no account data associated with them, so it's completely safe for yours to be removed and re-added.
3. Contact us
If you have no backup codes and no other team members, you'll have to contact our support team and we’ll have to verify your account details and identity. This option may take a little longer, but accounts contain sensitive information and we want to keep someone who may be impersonating you from gaining access.