If you're looking to add an extra layer of security to your Memberstack site, read on. In this article, you'll learn how to add Two Factor Auth (2FA).
And for added security, I'll show you how to require Memberstack users to enable 2FA on their devices.
Before You Start
To use 2FA, you'll need an authenticator app on your smartphone or tablet. Good options (available for Android and iOS devices) include:
- Go to your Memberstack dashboard and click the Profile icon (it's in the bottom left corner of the screen).
- Select Account.
- On the Edit Profile popup, click the Set up button.
With the popup window open, complete these steps.
- Scan the QR code with the authenticator app on your device.
- Locate the six-digit security code on the app.
- Go back to the popup window and enter the code into the field.
- Click Verify Code.
The next window gives you a chance to back up your 2FA access, just in case there is a problem with the app or (more likely) you lose or break your device.
Copy the backup access codes and save them in a safe place. You can use each access code just one time. Check the box to confirm you have read and accept the terms.
Click the Enable 2FA button.
That's it. 2FA is enabled.
From now on, each time you log in to your Memberstack account, you'll enter a new 2FA security code.
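What the Verify Code step and the single-use backup codes look like on the verifying side, as an added example that is not Memberstack's code. It assumes the authenticator app produces standard RFC 6238 TOTP codes; `SecondFactor`, its fields, the sample secret and the backup code are hypothetical.

```python
import base64, hashlib, hmac, struct, time

# Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32,
# standing in for the secret carried by the QR code.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def totp(secret_b32, at, digits=6, step=30):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // step)        # 30-second time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                             # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class SecondFactor:
    """Hypothetical per-account verifier: TOTP first, then backup codes."""

    def __init__(self, secret_b32, backup_codes):
        self.secret = secret_b32
        # Keep only hashes of the backup codes, never the codes themselves.
        self.backup = {hashlib.sha256(c.encode()).hexdigest() for c in backup_codes}
        self.last_step = -1   # newest time step already accepted

    def verify(self, code, now=None, window=1, step=30):
        now = time.time() if now is None else now
        current = int(now) // step
        # Allow one step of clock drift either side, but never accept a
        # step at or before the last accepted one (blocks code replay).
        for s in range(current - window, current + window + 1):
            expected = totp(self.secret, s * step, step=step)
            if s > self.last_step and hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = s
                return "totp"
        digest = hashlib.sha256(code.encode()).hexdigest()
        if digest in self.backup:
            self.backup.remove(digest)   # each backup code works exactly once
            return "backup"
        return None
```

A real deployment would also rate-limit failed attempts, since a six-digit code has only a million possible values.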
- Account owners – If you are the owner, you'll see a toggle switch to enable or disable 2FA on the Team page.
- Other team members – Only owners can turn 2FA on or off for an entire project. If you are not the owner, you can disable 2FA on your account (and lose access to the site) by navigating to your profile and clicking Turn off.
Adding 2FA to Apps
You can also force users to enable 2FA on their devices.
- Go to your Memberstack dashboard and click Settings on the side menu.
- Click the Team Members tab.
- Switch on the 2FA toggle.
- To disable 2FA, switch off the toggle.
The user experience
Once enabled, the user needs to complete all the steps described above before they can log in:
- download an authenticator app
- scan the QR code
- enter a security code
- copy backup codes
Now you know how to enable and disable 2FA protection for your account and your users' accounts.