We have implemented a 2FA process for both new and existing email ID-based users to enhance security. This feature is in BETA and will be rolled out to all email-based users gradually. Users can choose between two 2FA options: Authenticator App or OTP via Email. Below is a detailed user journey depending on which option you choose.
Step-by-Step Flow:
A. Login (Post-Verification):
Log in using your email and password on gupshup.io.
If the 2FA step is enabled for your email ID, you will be taken to the 2FA Setup screen, where you are prompted to choose one of the 2FA methods: Authenticator OR Email.
Below are the steps based on your selected option:
Option 1: Authenticator App
1. Choose Authenticator App:
Set up an authenticator app (Google Authenticator, Microsoft Authenticator, Authy, etc.).
2. Scan QR Code:
A QR code is displayed on the screen, which users need to scan using their chosen authenticator app.
3. Enter Passkey:
The authenticator app generates a 6-digit passkey. Users need to enter this passkey into the platform to complete the setup.
4. Successful Setup:
Once the correct passkey is entered, the 2FA setup is complete. The user is logged into their account.
5. Future Logins:
For future logins, the user must enter a passkey generated by their authenticator app.
Option 2: OTP via Email
If the user prefers, they can set up 2FA using OTP via Email.
1. Choose OTP via Email:
The user selects the OTP via Email option.
2. Verification Email:
A one-time passcode (OTP) is sent to the registered email address.
3. Enter Passkey:
The user retrieves the OTP from their email and enters it on the platform to complete the 2FA setup.
4. Successful Setup:
After entering the correct OTP, the 2FA setup is complete. The user is logged into their account.
5. Future Logins:
For future logins, an OTP will be sent to the registered email address, and the user must enter it to access their account.
Notes:
- One-Time Setup for Authenticator App: Setting up the authenticator app is a one-time activity. After that, users only need to enter the passkey from the app during each login.
- 2FA on Every Login: Regardless of the method chosen, 2FA will be required for every login. No "Remember this device" option will be provided due to security policies.
- Switching 2FA Methods: You can request a reset of your 2FA method by contacting the support team.
This 2FA process ensures a higher level of security for both new and existing users, allowing them to protect their accounts using the method they are most comfortable with. Setting up 2FA is optional for both new and existing users. However, at Gupshup, we prioritize the security of our users. That’s why we’ve introduced 2FA to enhance account safety. We strongly recommend setting up 2FA to protect your account.