Two-factor authentication (2FA) on your PocketSmith account

Add an extra level of security and set up two-factor authentication for your PocketSmith account. Make sure you keep your PocketSmith recovery codes somewhere safe! 🔐

In this user guide

What is two-factor authentication (2FA)?

Two-factor authentication is also known as "2 step verification". When you have 2FA setup, you'll need both your PocketSmith username and password like usual, and as an addition, PocketSmith will ask you to provide an extra code that only you have access to. 

You'll need a smartphone that can run an authenticator app that generates a limited time code which you enter when logging into PocketSmith.

Activating 2FA on your PocketSmith account drastically reduces the chances of someone gaining unauthorized access. An attacker would need to know not only your username and password, but they would also need to get hold of your phone.


Setting up two-factor authentication

First of all, make sure you have set a password on your PocketSmith account, then choose an authenticator app for your phone. Some possible authentication apps are

For convenience, you can set up multiple devices using the same activation code.

Note

If you created your account using Google login and haven't added a password. You can add a password as shown in the following user guide:  Add a password to a PocketSmith account with Google a login

Follow the directions below to set up two-factor authentication

1
Head to the  Settings menu and select  Security
2
Click Two factor authentication located in the menu on the left-hand side and confirm your PocketSmith account password in the confirmation box provided
3
Click the Start two factor authentication setup button to begin pairing your PocketSmith account with your authenticator app
4
Use your chosen authenticator app to scan the QR code displayed . 
 Then, enter the code generated by your authenticator app, and click Confirm Code
5
On the next screen, you'll be able to download your recovery codes as a text file. 
These codes are very important and will allow you to login to your account should you lose access to your authenticator app - download them and keep them safe!
 

Warning
Don't lose your recovery codes!

PocketSmith Support cannot restore access to accounts with two-factor authentication enabled. If your phone is lost, broken or inaccessible, you will not be able to access your PocketSmith account unless you have your recovery codes. Be sure to download and keep your recovery codes in a safe place, so you're never locked out of your account.


Using two-factor authentication on your PocketSmith account

Once you've set up your account for 2FA, PocketSmith you will ask you for your 2FA code whenever you sign in. This code will appear on screen within the app you downloaded on your smartphone.

Enter the code from your 2FA app in the field provided and click Validate

Tip

If you don't want to be asked for a 2FA code everytime you sign in from a trusted location, you can select the option Don't ask for a two-factor code at this location again. PocketSmith will store your current IP address, and you will not be asked for your two-factor code when signing in from this location again.

If you've lost access to your authentication app, and need to use a recovery code see:  Using your recovery codes if you lose access to your authentication app

Turning off 2FA on your PocketSmith account

You may want to temporarily disable 2FA on your PocketSmith, for example, if you are transferring to a new smartphone, and therefore need to reset your 2FA app.

1
Head to the  Settings menu and select  Security
2
Click Two factor authentication located in the menu on the left-hand side and confirm your PocketSmith account password in the confirmation box provided
3
Click Turn off two-factor authentication 
4
Enter your password to confirm the removal of 2FA from your account

Storing and using your recovery codes

Recovery codes are single use and can be used to access your account in the event you lose access to your device and cannot receive two-factor authentication codes

Don't get locked out - store your recovery codes!

Upon completion of setting up 2FA inside the app, PocketSmith will give you some recovery codes; these are displayed in an orange box. It is imperative that you download or print these and keep them somewhere safe. A text file is available for download for convenience.

Warning

Don't lose your recovery codes!

PocketSmith Support cannot restore access to accounts with two-factor authentication enabled. If your phone is lost, broken or inaccessible, you will not be able access to your PocketSmith account unless you have your recovery codes. Be sure to keep your recovery codes in a safe place, so you're never locked out of your account.

Using your recovery codes if you lose access to your authentication app

If you lose access to your authentication app, you'll need to use one of your Recovery codes to regain access to your Pocketsmith account. To do this:

1
Locate the recovery codes you downloaded when setting up 2FA on your account
2
Sign in using your login details, and when the 2FA screen appears, click  Use a recovery code instead
3
Enter your one-time recovery code exactly as provided and click Validate

Be sure to include all dashes, for example 123456-123456-123456-1
Note

Each recovery code can only be used once.
PocketSmith will generate additional recovery codes as you use them and it's important to update your copy of your recovery codes if you have used one to sign in. You can download the updated codes by heading to Settings > Security > Two factor authentication. Confirm your password and click Show recovery codes, then click Download these codes

How to generate new recovery codes

If you've lost your previous recovery codes, or you suspect they have been seen by a third party, you can generate new codes:

1
Head to Settings > Security, then select Two factor authentication from the left menu
2
Confirm your password, then click Show your recovery codes
3
Click Generate all new recovery codes

4
Once your new codes have been generated, click Download these codes.

Your new codes will be downloaded as a .txt file - be sure to squirrel them away and keep them safe! 

FAQs

What if I don't want to be asked for a code each time I sign in?

You can choose to remember your location by selecting the checkbox on the two-factor code entry page. PocketSmith will store your current IP address, and you will not be asked for your two-factor code when signing in from this location again.

"Trusted" IP addresses can be removed from your account at the bottom of the two-factor authentication settings page. Once you've selected the IP addresses you'd like to untrust, click the Remove selected IP addresses button to confirm.

Still need help? Contact Us Contact Us