What is two-factor authentication?
Two-Factor Authentication (2FA) is an additional layer of security on your Customer.io account. When 2FA is enabled for your account, an extra step is added to the login process. You'll be required to enter a code from an external authentication app in addition to your password.
Why do you need it?
Enabling 2FA means that even if your regular password is ever compromised or stolen, only you can log into your account, because only you have the authentication code.
We highly recommend enabling 2FA on your Customer.io account. Thankfully, the setup process is easy, and you only need to do it once.
How to set up 2FA
Install an authentication app
First, make sure you have a two-factor authentication app installed. We support anything that uses Time-Based One-Time Passwords (TOTP). Some well-known examples are:
- iOS: Google Authenticator, Microsoft Authenticator, Authy, Duo Mobile, and 1Password
- Android: Google Authenticator, Microsoft Authenticator, Authy, Duo Mobile, and 1Password
- Windows Phone: Microsoft Authenticator, Duo Mobile
- Desktop: 1Password, Authy (Chrome ext.)
Visit your account settings
Go to your Account Settings in Customer.io, and click Security.
You will see here that 2FA is disabled. Click Enable to start the process, and have your authentication app at the ready.
Scan the QR code, and enter your authentication code
You will then see a QR code; scan it with your app, and enter the authentication code in the input box. You can also enter this code manually. Click Continue once you've entered the code.
Save your backup codes (and keep them safe)!
After you enter the authentication code, you’ll get ten backup codes. Save or print these and don't lose them! You’ll need them to regain account access if you ever lose access to your device; the 'Done' button will be disabled until you save them.
That’s it! Once you save your backup codes, two-factor authentication is set up. If you return to this page in the future, you can view your backup codes or generate new ones; just remember to get rid of the old codes if you do the latter.
## Frequently asked questions
Can I enable two-factor authentication for the rest of the users in my account?
If you are an admin on your account, you can see which team members in your account have 2FA enabled or disabled, but it's not currently possible to enable or disable 2FA for each team member.
I lost my device/I'm locked out! What do I do?
No problem! We've got a few options to get you back in:
1. Use a recovery code
Grab your backup codes from wherever you've saved or printed them, and use one of those at the login screen instead of your authentication code.
Note that once you use a code, you can't use it again.
2. Have a team member remove and re-add you
If you have other team members with admin privileges, have one of them remove your account and re-add you on the Team Members page.
You'll have to reset your password and set up two-factor authentication again, but you'll regain access. Team member accounts have no account data associated with them, so it's completely safe for yours to be removed and re-added.
3. Contact us
If you have no backup codes and no other team members, you'll have to contact our support team and we’ll have to verify your account details and identity. This option may take a little longer, but accounts contain sensitive information and we want to keep someone who may be impersonating you from gaining access.