Table of Contents

Two-Factor Authentication (2FA)

Jennifer Sneider Updated by Jennifer Sneider

This guide covers frequently asked questions around 2FA including when it is required, how to use it, and troubleshooting common problems.

What is Two-Factor Authentication?

Two-Factor Authentication (2FA) is an extra layer of security designed to ensure that you are the only person who can access your account, even if someone knows your password.

With 2FA enabled, users are prompted to enter a six-digit code after entering their password. This six-digit code is available via a two-factor authentication app that is set up on the user’s personal device(s).

Why am I required to use Two-Factor Authentication?

Certain studios require that all productions have 2FA enabled. It can also be enabled per project by the Production Owner. If you are associated with any project that has 2FA enabled (whether it is active or wrapped), you will need to use 2FA to access your SyncOnSet user account.

See how to disable 2FA below.

Note: Mobile users will need to set up 2FA to use the web app. Actions like resetting passwords cannot be completed without setting up 2FA.

Setting up Two-Factor Authentication (2FA)

If any production you have access to requires 2FA, each time you log in to the website, you will be prompted to enter a 6-digit code following your password. This code will be generated by an authenticator app; we recommend using Google Authenticator or Authy with Multi-Device and Backups enabled.

2FA codes are generated by a third party app such as Google Authenticator or Authy. The first time 2FA has been enabled on a production you have access to, you will be prompted to set up 2FA after your next login after set up.

  1. Go to the App Store or Google Play to search for and install an authenticator app on your mobile device. We recommend Authy or Google Authenticator.

  1. Set up an account for the app with your email address.
  2. Sign into with your username (email) and password. You will be prompted to scan a QR code with the 2FA app.
  1. On the authenticator app, tap BEGIN SETUP (Google Authenticator) or the red (+) (Authy). The authenticator app will prompt you to scan the QR code.

Google Authenticator and Authy
  1. Tap Scan Barcode (Google Authenticator) or Scan QR Code (Authy).
Warning: If using Authy, you will be prompted to create a backups password (see more below). DO NOT SKIP THIS STEP! If you upgrade your mobile device or delete and reinstall the app, you will need this password to restore your account.
  1. After you scan the QR code, the app will generate a 6-digit time sensitive code for you to enter into SyncOnSet.
  2. Return to the login page and enter the 6-digit code from the app, along with your password.
  3. Click the blue Set Up Two Factor button. A pop-up will appear with your SyncOnSet account backup codes. 
  4. Save or print the Backup Codes and put in a secure location.
Pro Tip: Save the Backup Codes in a secure location that you will remember on your computer's Desktop or Documents folder. In the event your device is lost or stolen, you will need these single-use codes in place of the app-generated 2FA code. You can also access these Backup Codes again by going to your Edit Account page anytime you are logged in.

You will need to launch the authenticator app and enter the 6-digit code every time you log in to the SyncOnSet website.

Note: The code is time-sensitive and resets every 30 seconds.

Backup Codes for Two-Factor Authentication (2FA)

You are given a list of ten Backup Codes after you set up Two-Factor Authentication on your SyncOnSet login. These codes are single-use tokens that can be used in place of the app generated 6-digit codes.

Using Backup Codes

If you lose access to your authenticator app, you can use one of your Backup Codes to gain access to your SyncOnSet account. Once you are logged into SyncOnSet, follow the instructions below to Reset 2FA.

  1. Login to your SyncOnSet account with your username (email) and password.
  2. Under the Two-Factor field, click on Enter Recovery Code Instead.
  3. Enter one of your unused 8-digit Backup Codes.
  4. Click Login.

Regenerating Backup Codes

If you lost or misplaced your Backup Codes, you can access them again from your SyncOnSet login.

  1. Click the Gear icon.
  2. Click Edit Account.
  3. Click 2FA Setup.
  4. Click Get Recovery Codes.
  5. Enter your password and click Submit.
  6. Click Generate New Codes.
Pro Tip: We recommend that you save this information for your records and keep it in a secure location. In the event your device is lost or stolen, you will need these single-use codes in order to access your account. 

Resetting Two-Factor Authentication (2FA)

You can reset your 2FA yourself if you can log in to your SyncOnSet account, use the following steps:

  1. Hover over the Gear icon.
  2. Select Edit Account.
  3. Click 2FA Setup.
  4. Click Reset 2FA.
  5. Scan the QR code with an authenticator app.
  6. Enter the 6-digit code from the authenticator app and your password.
  7. Click Reset 2FA.
  8. Save Backup Codes.

Authy Multi-Device and Backup Password

Authy Backups Password is a feature provided by Authy that allows users to encrypt and sync their tokens across Authy’s servers. This means your tokens can be imported to multiple devices. This is not the same as the Backup Codes which are additional, single-use tokens that can be used if you lose access to your 2FA codes.

In order to set up Backups, you must first create a Backups Password to encrypt your data. Due to the encrypted nature of the data, your password is never stored by Authy and is therefore cannot be retrieved if you lose it or forget it. Backups is required to effectively use multi-device.

Authy Multi-Device is a feature that allows Authy users to log in to their account on multiple devices simultaneously. For security, when multi-device is disabled, Authy accounts and their tokens are device specific. This means if you get a new device or deletes and reinstalls the Authy app without multi-device enabled, your account is locked and inaccessible without Authy’s support.

Pro Tip: To avoid locking your Authy account, keep multi-device on at all times so you can access your account, regardless of device. Once you have Authy set up and multi-device enabled, download the Authy Google Chrome extension to make it easier to access your 2FA token from your web browser.

Disabling Two-Factor Authentication (2FA)

2FA is activated by a production, so it can only be disabled if you remove yourself from all 2FA secure productions, and then disable it for your account.

Disabling 2FA for a User

Remove 2FA-required Productions while logged into your SyncOnSet account:

  1. Click the Filmstrip icon to get to the My Productions page.
  2. Click the Trash Can icon in line with the production you want to leave.
  3. Click Leave to remove the production.
Warning: Production Owners and Department Heads cannot leave a production without deleting it. They must reassign pass off these responsibilities to another user first.

Once you have left the 2FA Production, you can disable 2FA:

  1. Hover over the Gear icon in the top right corner.
  2. Click Edit Account.
  3. Click 2FA Setup.
  4. Click Disable 2FA.

Disabling 2FA Production Wide

Only Production Owners can disable 2FA for an entire production.

  1. Click the Access Menu/Add Users icon in the top right corner.
  2. Click Security Settings.
  3. Set User Authentication to No.
  4. Click Save.

Any users that already have 2FA set up can disable 2FA for themselves, unless they still have access to other 2FA enabled productions.

Enabling 2FA on a Production

After alerting SyncOnSet that the production needs 2FA, Production Owners can enable 2FA for an entire production.

  1. Click the Access Menu/Add Users icon in the top right corner.
  2. Click Security Settings.
  3. Set User Authentication to Yes.
  4. Click Save.

How did we do?

Production Security

Managing Users and Permissions