Multi-factor authentication (MFA), or two-factor authentication (2FA), is a crucial security measure that adds extra protection to your ShipHero account. By requiring users to enter a temporary code during login, MFA significantly enhances the security of your account. In this guide, we will walk you through the process of enabling MFA for your ShipHero account and managing it effectively.
NOTE: To enable MFA for your account, please get in touch with support to add the account flag.
Step 1: Accessing the Security Settings
To begin, log in to shipping.shiphero.com> Navigate to your user name on the bottom left-hand corner> Select Settings. Click on the "Security" tab to access the security settings.
Step 2: Enabling Multi-factor Authentication
Within the Security settings, locate the option to enable Multi-factor authentication. Toggle the switch to enable MFA for all users in your account. This action ensures that every user must go through the MFA process during login.
Step 3: Registering a Device
Once MFA is enabled, users will be prompted to register their devices during the next login. They will be presented with a screen displaying a QR code. This QR code can be scanned using an Authenticator app such as Google Authenticator or any other compatible app available.
Step 4: Disabling MFA for Individual Users
If you need to disable MFA for specific users, you can do so on a per-user basis. Go to shipping.shiphero.com> Users & Roles> and select the desired user. Toggle the switch to disable MFA for that user, which will also remove their registered device. If you re-enable MFA for that user later on, they will need to register their device again.
Step 5: Disabling MFA for the Entire Account
If you disable MFA for the entire ShipHero account, return to the Security page and toggle the MFA option off. This action will deregister all users and their devices. If you turn MFA back on in the future, users will need to register their devices again.
Important Note on API Usage with MFA:
If you use a standard user to generate API tokens, enabling MFA will prevent those tokens from functioning. To continue using the standard user for API access, you can either disable MFA for that user or switch to ShipHero's third-party developer accounts for API access.
Conclusion:
Multi-factor authentication for your ShipHero account is highly recommended to enhance security and prevent unauthorized access. Following the steps outlined in this guide, you can easily enable MFA, manage user-specific settings, and make informed decisions regarding API usage. You can use this valuable security feature to protect your ShipHero account effectively.