Two-Step Verification: What is it and how does it work?
Two-step verification, also known as two-factor authentication (2FA) or multi-factor authentication (MFA), add an additional layer of security to your Litmus account by requiring two forms of authentication (password and SMS verification) during sign in.
When will the second factor (SMS) be requested? Two-step verification will be requested for every login and at least once every 30 days.
How can I enable two-step verification on my account? Within your personal security settings, you can turn on two-step verification as an added level of security on your account. Two-step verification at the individual level is available on all Litmus accounts.
I’m an Account Holder. How can I require all of my users to enable two-step verification? Available exclusively to Litmus Enterprise customers, Account Holders can enforce two-step verification as an added level of security on their entire account. Once enforced, two-step verification requires all users to follow an SMS-based two-step verification experience.
If the account-wide setting is enforced, users will not be able to edit their individual settings to turn off two-step verification.
How does two-step verification work if I have multiple Litmus accounts? Two-step verification will need to be set up for each Litmus account (including each subaccount). The same phone number can be used multiple times.
If you have numerous accounts and use different phone numbers, the second step will be requested each time you switch accounts. If the phone number is shared between accounts, you can switch between accounts within the Litmus app without the second factor being requested.
What happens if I lose my phone? During the setup of two-step verification, you will be provided with a one-time code that can be used in place of the two-step verification SMS code.
If you have any issues finding this code, please contact email@example.com.
What happens if I want to change my phone number? During the setup of two-step verification, you will be provided with a one-time code that can be used in place of the two-step verification SMS code. Once you log in, you can temporarily disable two-step verification from your account and then enforce it again with your new phone.
However, if two-step verification has been enforced account-wide, you will not be able to do this. Please contact firstname.lastname@example.org so we can assist you.
What happens if my phone is out of battery or temporarily unavailable? During the setup of two-step verification, you will be provided with a one-time code that can be used in place of the two-step verification SMS code. If you have any issues finding this code, please contact email@example.com.
How long is the SMS verification code valid for once it's sent? Once it's sent, the SMS verification code is valid for 10 minutes. If you miss this timeframe—don't worry! You can simply click "Resend code" and you'll get a new, updated code sent via SMS.