Start Free trial

Articles in this section

See more →

Managing Two-Factor Authentication (2FA) in VWO

Venus Kaur
  • Updated
Share:
Follow
close this to read article

In this article, you’ll learn:

About Two-Factor Authentication

As the name implies, Two-Factor Authentication, or 2FA, is a two-level authentication mechanism that protects your data from cyber-crime and fraud. It assures that even if a third-party obtains your login credentials unlawfully, they will not be able to get past the additional layer of security provided by 2FA.

The first layer of authentication is done when you log in to an application using a username and password, face recognition or fingerprint scan. Once passing it, you will be taken to the second layer, which involves confirming your identity via entering an OTP - this is how 2FA typically works!

Two-Factor Authentication in VWO

VWO's Two-Factor Authentication fortifies the security of your VWO account online, with an extra layer of authentication, which can be configured by either of the following modes:

  • Link an external authenticator app to generate a one-time passcode
  • Use email code verification

The configured mode of authentication will be applied to each of your sessions.

In VWO, you can enable 2FA at the user level and workspace level. If enabled at the user level or the main workspace level, 2FA is performed at the login. If enabled at an additional workspace level, 2FA is performed at the time of switching over to that workspace.

INFO: You will only be asked to perform the 2FA once each session (at login or workspace switching, whichever is first).
NOTE: 2FA settings at different workspace levels are independent of each other i.e. the main workspace setting does not affect the additional workspaces. You must enable 2FA for each additional workspace via the corresponding settings.

Things to Consider Before Enabling Two-Factor Authentication in VWO

  • If 2FA is enabled at the workspace level but disabled at the user level, the users will still be requested to input the passcode they received on their email.
  • If 2FA is disabled at the main workspace and user levels but enabled for an additional workspace, you will be prompted to enter the passcode when you switch to that workspace.
  • When you enable 2FA on a workspace level, all the corresponding users are notified of the same via email.
  • In the case of using an authenticator app, you are allowed 5 attempts each for enabling/disabling 2FA per 60 seconds to enter the passcode right. When the limit expires, you will have to wait till the 60 seconds get over to be re-enabled with another set of 5 attempts for 60 seconds. This applies for login sessions too.
  • For email code verification, you can only generate 10 passcodes per day, each for enabling/disabling 2FA. When this limit lapses, you will not be able to enable/disable 2FA for the next 24 hours through the email code verification method of authentication.
  • You can only generate fifty passcodes per day for logging in (including regeneration of passcode), using email code verification.
  • If you enable SSO on your VWO account, you cannot enable 2FA; you can only enable either SSO or 2FA on your VWO account.

Enabling 2FA at User-level in VWO

To enable 2FA for your VWO account, follow this:

Procedure

  1. Log in to your VWO account.
  2. Click the gear icon on the top right, and go to Profile Details.
  3. Under the Security section, click Enable 2FA button.
  4. In the Enable Two-Factor Authentication dialog that appears, select an authentication method from either of the following and click Proceed:
    • Authenticator app - By default, this option remains selected. You can choose this option to use any third-party authentication app to fetch a passcode.
    • Email code verification - Choose this option to use the passcode sent to your email address.
      Authentication_Method.png
  5. If you have selected the Authenticator app option, you will be shown a quick response (QR) code. Scan the QR code with the authenticator app to link the app and generate a passcode. Alternatively, you can use the serial code that is displayed below the QR code.

    2FA_QR_Code.png

    Once done, click Next Step to enter the 6-digit passcode, as generated in the authenticator app.
  6. If you have selected the Email code verification option, the system will send a 6-digit passcode to your email address. If you have not received the passcode, use the Resend option that regenerates a new 6-digit passcode.
    NOTE: The passcode, as received via email is valid for 10 minutes. If you have any problems with the created passcode, please contact us at support@vwo.com.
  7. Post entering the passcode, click Verify and Enable 2FA.

Post-requisite

To verify if 2FA is successfully enabled for your VWO account, log out of your VWO account and log in again. You must now be prompted to enter the passcode after you have entered your email address and password.

NOTE: To disable 2FA at user-level, click the Disable 2FA button. This triggers a 6-digit passcode to your authenticator app or email address, as configured. Enter the passcode in the Disable Two-factor authentication? dialog that appears and click Verify and Disable 2FA. If the passcode matches, your attempt to disable 2FA will be authorized and you will receive an in-app and an email notification confirming the action.

Enabling 2FA at the Main Workspace Level in VWO

To enable 2FA for all the users of the main workspace, follow this:

Prerequisites

  1. Enable 2FA on the user level for yourself.
  2. You must have admin-level access or above in the main workspace. 

Procedure

  1. Click the gear icon on the top right, go to Accounts > Security.
  2. Navigate to the Two-factor authentication enforcement section and select the Enable two-factor authentication option. This will enforce 2FA for every user from the very next login.
  3. To finalize this change, click Confirm in the confirmation dialog that appears. 
NOTE: To disable 2FA for a workspace, deselect the Enable two-factor authentication option and click Yes, disable 2FA in the confirmation dialog that appears. You will receive an email notification confirming the action.

Workspaces with 2FA Enabled

To see the list of workspaces for which 2FA is enabled, follow this:

Procedure

  1. Click the gear icon on the top right, and go to Profile Details.
  2. Under the Security section, if 2FA is enabled for any workspace, you can see a list of those workspaces below the user level 2FA setting.
NOTE: When you consider changing the authentication method, you should first disable 2FA for yourself at the user level and re-enable the same after the change.

Was this article helpful?

Return to top

Related articles