Why 2FA is Important
Two-Factor Authentication (2FA) adds an extra layer of security to your account. By requiring both your password and a second form of authentication, it significantly reduces the risk of unauthorised access. At Socket, we’re committed to protecting your data.
For 2FA in Socket, you can use Google Authenticator or any other compatible authenticator app. SMS-based 2FA will not be supported due to security vulnerabilities associated with SMS.
Setting up 2FA
2FA will be turned on for all customer accounts automatically at the start of September 2024 so you don't need to turn it on, you’ll simply be prompted with the below set up screen the next time you log in.
The setup process is super quick:
Click “Get Started” and then scan the QR code shown on screen with your preferred authenticator app.
Then enter the code from the authenticator app, into the box labelled ‘Code’.
⚠️ Save your recovery codes somewhere safe! ⚠️
In case your device with the authenticator app is lost, it’s critical that you save your recovery codes provided to you during the initial 2FA setup. They will now be displayed on screen as shown below.
These codes will allow you to regain access to your account if you no longer have access to your authenticator app.
2FA setup complete
Once you are set up, the 2FA section on your profile will display a green tick and show as enabled, meaning you are all done! 🙌
"Remember me" for 2FA
Once you have set up 2FA, the next time you login and enter your Username and Password, you’ll have the option to check a “Remember me for 30 days” box. If you check this box, you won’t be asked for 2FA authentication on trusted devices for 30 days, even if the login session expires.
However, if the login is not trusted (e.g., from a different device or location), you will be required to complete the 2FA process again within 24 hours.
Troubleshooting
Having trouble logging in with 2FA? This is where your recovery codes come in! If you don't have your authentication device handy then you can enter one of your recovery codes to access your account, you can only use each code once so when a code has been used, you’ll get given a new one to replace it.