Set up two-factor authentication for your Zefort account

Two-factor authentication (also called 2FA or two-step authentication) is a highly recommended security feature that adds an extra layer of protection to your Zefort account. Enabling two-factor authentication means that you need access to a specific device, such as the computer on which you usually use Zefort, in order to sign in.

Zefort uses the modern WebAuthn standard for authentication. WebAuthn provides excellent protection against phishing attacks, for example.
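The phishing protection comes from origin binding: the browser records which site requested the authentication, and the server rejects any response created for a different site. The following is an added example of that server-side check in JavaScript (Node.js); it is not Zefort's code, and the origin, challenge and function names are constructed placeholders.

```javascript
// Added illustration, not Zefort code. EXPECTED_ORIGIN and every sample
// value below are constructed placeholders.
const EXPECTED_ORIGIN = "https://app.example.com";

// Simulates what the browser hands back to the server. The browser, not the
// page's script, writes `origin`, so a lookalike site cannot forge it.
function browserClientData(pageOrigin, challenge, type = "webauthn.get") {
  const json = JSON.stringify({ type, challenge, origin: pageOrigin, crossOrigin: false });
  return Buffer.from(json, "utf8");
}

// Server-side checks on clientDataJSON. A full verifier also checks the
// RP ID hash in the authenticator data and the signature that covers
// authenticatorData || SHA-256(clientDataJSON); those are omitted here.
function verifyClientData(clientDataJSON, expectedChallenge, expectedType) {
  let data;
  try {
    data = JSON.parse(Buffer.from(clientDataJSON).toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  if (data === null || typeof data !== "object") {
    return { ok: false, reason: "malformed clientDataJSON" };
  }
  // Must be a sign-in assertion, not a registration response.
  if (data.type !== expectedType) return { ok: false, reason: "unexpected type" };
  // Must answer the challenge issued for this sign-in attempt (no replay).
  if (data.challenge !== expectedChallenge) return { ok: false, reason: "challenge mismatch" };
  // Must have been produced on the real site, compared as an exact string.
  if (data.origin !== EXPECTED_ORIGIN) return { ok: false, reason: "origin mismatch" };
  return { ok: true, reason: "ok" };
}

// Constructed scenarios: the genuine site, a lookalike domain, an old challenge.
function demo() {
  const challenge = Buffer.from("constructed-challenge-001").toString("base64url");
  const lookalike = "https://app.example.com.signin.example.net";
  return {
    genuine: verifyClientData(browserClientData(EXPECTED_ORIGIN, challenge), challenge, "webauthn.get"),
    lookalike: verifyClientData(browserClientData(lookalike, challenge), challenge, "webauthn.get"),
    staleChallenge: verifyClientData(browserClientData(EXPECTED_ORIGIN, "b2xk"), challenge, "webauthn.get"),
  };
}

console.log(demo());
```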

In practice, after you set up 2FA, you will be asked to authenticate yourself on your device whenever you log in to Zefort. The authentication method depends on your device: it can be the device password, a PIN code, or biometric authentication such as fingerprint or face recognition.

Enabling two-factor authentication

To enable two-factor authentication, sign in to your Zefort account and navigate to My Settings → Two-Factor Authentication (2FA), and click the Add 2FA Device button.

You will be guided through steps to add a new device.  The exact details depend on your browser and operating system, but in general:

  1. Give a memorable name for your device, for example “My Macbook Pro”.
  2. Enter your password.
  3. Use your preferred authentication method, such as Touch ID, or use a portable security device, such as a YubiKey.
  4. Save your recovery key.

It is important to save your recovery key to a safe place.  In case you lose access to all your authentication devices, you can use the recovery key to restore access to your account.  If you lose your recovery key, you can generate a new key as long as you still have access to at least one of your authentication devices.

Adding a second device

The recovery key is intended only as a last resort. It is highly recommended to add at least one more authentication device, in case you lose your primary device.  For example, if you usually use a laptop, it’s a good idea to also add your phone and tablet.

First, sign in with your second device:

  1. Open Zefort in your browser and enter your email address and password.
  2. Verify the sign-in request on your primary device.

As when adding your first device, navigate to My Settings → Two-Factor Authentication (2FA), and click the Add 2FA Device button.

  1. Give a memorable name for your device, for example “My iPad”.
  2. Use your preferred authentication method, such as Face ID.
  3. Go back to your primary device, and open the request to add a new device.
    [Image: Notification about a new authentication device]
  4. Still on your primary device, select the “Verify” action to finish adding your new device.

Signing in

When 2FA is enabled on your account, the sign-in procedure goes as follows:

  1. Enter your email address (or choose from remembered users)
  2. Enter your password
  3. Authenticate with your security device

In step 3, your browser will remember the type of device you’ve previously used, and will automatically ask you to authenticate using that method.

However, you can also choose to authenticate using other methods available on your account:

  • WebAuthn device
  • Verification token
  • Recovery key

Alternative 2FA methods

Authenticating on another device

You can verify a sign-in attempt on any device with a security key.  For example, if you’ve set up Touch ID authentication on your laptop, but wish to sign in from somewhere else, you can:

    1. Enter your email address
    2. Enter your password
    3. Start verification by choosing the “Verification token” option:
      [Image: Verify authentication attempt on another device]
    4. Sign in from another device and verify the sign-in attempt there.  Make sure to check that the five-letter code matches.

Authenticating with a recovery key

If you have lost access to all your security devices, you can recover access by authenticating with the recovery key.  You still need to know your account password to use this method.

Generating a new recovery key

If you lose your recovery key, or feel that your recovery key may have been shared or seen publicly, we highly recommend generating a new key.  To generate a new recovery key:

  1. Go to your two-factor authentication settings.
  2. Disable the “Use 2FA” setting, and turn it back on.
  3. You will be presented with a new recovery key.

Best practices

You should register multiple devices to give yourself more ways to verify your identity, and to avoid getting locked out of your account.

If you lose access to all authentication devices as well as your recovery key, you will permanently lose access to your account.

If your account is configured to use Single Sign-On (SSO), two-factor authentication cannot be enabled.  Configuring strong authentication should be done on your identity provider (such as Azure AD, Okta, or Google Workspace).

With 2FA devices in use, Zefort now has a much stronger way to authenticate you as a user.  This helps in other scenarios where we need your verification, such as changing your email address, password, or making other security-critical modifications to your account.