Skip to main content
All CollectionsDashboard
Two Factor Authentication
Two Factor Authentication

Also known as 2FA, adds an extra layer of security to your Subsplash Dashboard.

Cody Walton avatar
Written by Cody Walton
Updated over 3 months ago

When you sign in, we’ll ask you to enter your email and password, then you’ll be prompted with one of the 2FA methods below and enter a code into Subsplash to complete the sign-in process. 2FA is for Subsplash dashboard users and does not apply to end users.

Email One-Time Password (Default)

If logging into Subsplash from a new or unrecognized device, a confirmation code will be emailed to you to confirm who the user is.

Enabled by default and required for all dashboard users.

If it's a recognized device you can log in with just your email and password.

Be sure to check spam/junk if you do not see the email in your inbox. Codes expire after 1 hour and requesting a new code will make the previous code invalid.

If you do not have access to this email inbox then you will not be able to confirm the new device. Shared user accounts are against the Subsplash Terms of Service and a different Dashboard admin will need to log in to invite a new user with an email that can be accessed.

If you received this email and do not recognize the activity, your password should be reset as soon as possible.

This method of 2FA will be disabled if you opt-in to an additional 2FA method below.

Opt-In Methods

If you would like additional security when logging into Subsplash, you can add an opt-in method of your choice.

General Setup

To enable one of the following methods of 2FA you will need to log in to your Dashboard and navigate to your User settings.

Here you will see Enable 2FA:

This will prompt you to log out and begin the setup process for 2FA.

At this point, you will select what method you would like to enroll in, either TOTP or SMS.

SMS

Receive verification codes by text message (SMS) to your phone number.

Start by entering your phone number.

Then enter the 6-digit code that was sent to it.

TOTP

Time-based one-time password (TOTP) is a security method that allows a third-party app or password manager to generate a security code for the platform you are logging into.

The code will be required the first time you log in with 2FA and each time you log in with a different device

Choose Authenticator App

You’ll be prompted to download an authenticator app. You can use any authenticator app you prefer, or you can download one of our recommendations. We recommend:

  • Google Authenticator

  • Microsoft Authenticator

  • Authy

Link your Subsplash account to the authenticator app

When you have your preferred authentication app downloaded, grab your phone and scan the QR code with your phone’s camera. Or you can type in the code in your app by clicking Enter verification code.

QR Code

Setup Key

Enter the code from your authentication app

Once your code has been generated, copy and paste it into the following screen to continue.

Confirm your Name

After setting up TOTP or SMS, you will confirm your First and Last name which will be used to verify your identity should you have trouble accessing your account.

This should match what is on your photo ID.

Recovery Code

After confirming your name you will be presented your recovery code. This code will allow you to sign into Subsplash if you lose access to your authenticator app or if you enter the code incorrectly 5 times in a row.

Make sure you keep this code safe.

Once you use your recovery code, it will automatically expire and remove 2FA from your account. If you want to enable it again, just follow steps 1-5 above.

What happens if you get locked out of your account?

We understand that things happen, new computers, lost access to emails, etc. If you need help getting back into your account follow the steps below.

Start by clicking Try another method which will allow you to input your recovery code.

If you did not save your recovery code you can then choose I don’t have my backup recovery code and that will lock your account, requiring an admin to unlock it.

You will receive an email that your Admins have been notified.

Resetting Two-Factor Authentication

Steps from this point will depend on whether you have Admin permissions in your Dashboard.

Not an Admin User

An Admin user from your Dashboard will need to unlock your account. From the steps above they have been notified that you need help and can log in to the Dashboard to reset your 2FA.

Admin User

If you are an admin user, be on the lookout for Dashboard users who are requesting help getting logged in and resetting their Two-factor authentication.

If you, as an admin, lost access to your Two-factor authentication, just go through the steps above and another Admin can reset it for you once they log in.

If there are no other admin users on your Dashboard, unlocking the account takes a few extra steps. Follow the same instructions as above. When you receive the email, click Contact Support.

This link will take you to our meeting scheduling option, where you will select a time to meet with a Support agent. We will get on a live video meeting and request to see a photo ID with the same First and Last name that we have captured when setting up 2FA. As long as everything matches, we will unlock your user.

FAQs

Can I disable OTP/2FA?

One method is required for all Dashboard users due to the sensitivity of information available to admins. OTP can be disabled by opting into one of the additional 2FA methods like SMS or TOTP. If you are using an opt-in method you can choose to disable it at any point and return to OTP.

What if I do not receive an email with my OTP?

An email will either deliver or bounce, most often it delivers but may be flagged by your inbox as spam/junk.

If it bounces that means your email provider or inbox could not receive the email, this could be due to technical issues on their end, or the email/sender was blocked for various reasons. To resolve this you will need to whitelist the @subsplash.com domain or work with your email provider to unblock us.

Spamming and requesting too many codes can cause email providers to block us.

Some email providers do not update (fetch) automatically or will delay the delivery of mail under certain circumstances. OTPs will last for 1 hour so before you request another code make sure to manually refresh your inbox or adjust your settings if possible.

Did this answer your question?