Two-step verification

Two-step verification, also known as two-factor authentication (2FA) or multi-factor authentication (MFA), adds an additional layer of security to your Litmus account by requiring two forms of authentication (password and SMS verification) during sign in.

How 2FA works

Once enabled, you will receive an SMS message at the phone number you registered. The SMS verification code is valid for 10 minutes. If you miss this timeframe, you can choose  Resend code and you'll get a new, updated code sent via SMS. Enter the code and then continue your Litmus sign in.

Alternatively, you can use Authy for our two-step verification. Download and install the Authy app. You will need to enter the same phone number you used for your Litmus SMS-based two-step verification. Once your Authy account is set up, when you're prompted for your two-step verification code, you can use either the code sent by SMS, the code generated by Authy, or you can use the Authy app to authenticate. 

Individual 2FA setup

NOTE: Enterprise account security may require 2FA for users. In that instance, some individual options will not be available.

Sign in and select Settings, then Security in the left menu. Select Enable two-step verification. Two-step verification at the individual level is available on all Litmus accounts. 

Two-step verification will be requested for every login and at least once every 30 days.

Multiple Litmus accounts

 Two-step verification will need to be set up for each Litmus account (including each subaccount). The same phone number can be used multiple times.

If you have numerous accounts and use different phone numbers, the second step will be requested each time you switch accounts. If the phone number is shared between accounts, you can switch between accounts within the Litmus app without the second factor being requested.

Enterprise 2FA setup

Account Holders can enforce two-step verification as an added level of security on their entire account. Once enforced, two-step verification requires all users to follow an SMS-based two-step verification experience.

Sign in and select Settings, then Security in the left menu under Your Subaccounts. Check the appropriate options to apply two-step verification to your account. Select Save two-step verification settings. Learn more about Advanced Security for Litmus Enterprise.

NOTE: If the account-wide setting is enforced, users will not be able to edit their individual settings to turn off two-step verification.

Phone situations

• Lost phone: During the setup of two-step verification, you will be provided with a one-time code that can be used in place of the two-step verification SMS code. If you have any issues finding this code, please contact hello@litmus.com.
• Low or dead battery on phone: During the setup of two-step verification, you will be provided with a one-time code that can be used in place of the two-step verification SMS code. If you have any issues finding this code, please contact us.
• New phone: During the setup of two-step verification, you will be provided with a one-time code that can be used in place of the two-step verification SMS code. Once you log in, you can temporarily disable two-step verification from your account and then enforce it again with your new phone.

NOTE: If two-step verification has been enforced account-wide, one-time codes will not work. Please contact us so we can assist you.