Setting up Two-Factor Authentication
Setting up Two-Factor Authentication (2FA) is one of the best ways to secure your account from unauthorized access. This is a quick, simple process that requires two elements:
- Something you know: as in, your account’s password
- Something you have: as in, a physical device, like your cell phone or computer
To start, you’ll need to choose a 2FA application that will generate the 6-digit code required to log in. There are a number of applications, but here are a few solid options:
Once your 2FA application is installed and ready to go, it's time to activate 2FA on your Mailgun account. To start, log in to your Mailgun control panel.
Inside the Mailgun Control Panel (options displayed down the left-hand side on a dark column), use the following instructions:
- Click on Settings on the bottom left-hand side of the Mailgun dashboard, then scroll all the way down to 2FA.
- Click Activate 2FA.
- IMPORTANT: You'll first see a QR code. Before proceeding, scroll down and copy the 64-character paper key by clicking Download Key underneath the heading Download your account recovery "paper key." Make sure to store it in a secure location. This key is vital for recovering your account in the event that your 2FA device is lost, stolen, or malfunctioning.
- Open your 2FA application (one of the apps mentioned above, for example) and add a new account, usually by either scanning the QR code displayed in your Mailgun control panel at this step or entering the 16-digit token under the QR code. Both are available in your Mailgun control panel after clicking Activate 2FA.
Enforcing 2FA on an account
An admin user can choose to enforce 2FA for all users on an account. To do so, the admin user who is logged in must already have 2FA enabled for their own user. Once this is done, under Settings > Details > Account Details you will find the "Force auth scheme" section, in which you can select the "Require TFA" button. You will be presented with 2 options:
- Clear all user sessions - This option will clear any logged-in sessions and will require users to enable 2FA immediately.
- Allow user sessions to stay logged in - This option will allow users to continue in their current session and set up 2FA once their session expires and they have to log in again.
Upon the next sign-in, all users will be directed to set up 2FA in order to continue signing in.