Two-Factor Authentication (2FA) is a security feature that adds an extra layer of protection to your account by requiring not only your password, but also a second form of verification when logging in. This means that even if someone obtains your password, they still won’t be able to access your account without the second verification factor.
In most cases, 2FA works by sending a temporary, time-sensitive code to your email or a trusted device, such as your mobile phone, using an authentication app. Once you enter both your password and the unique verification code, your identity is confirmed and access is granted.
By requiring this additional step, 2FA significantly reduces the risk of unauthorized access, even if your login credentials are compromised. It’s one of the most effective ways to help protect your account from hacking, phishing attempts, and other forms of online fraud.
What To Expect For Existing Zenfolio Accounts
Two-Factor Authentication (2FA) has been implemented to all accounts. This important security measure is automatically enabled within accounts. If your account is not setup with any type of payment processing settings, you will have the option to temporarily decline setting up 2FA when prompted. If you set up 2FA and want to turn it off at a later time, the steps to do this can be found HERE. However, if your account includes any type of payment processing settings, 2FA is required to help safeguard payment information and client data.
If you choose to postpone the setup of 2FA for your account, you will have up to five times to delay setup before 2FA becomes mandatory. After the fifth deferral, you’ll be required to complete the 2FA setup in order to continue accessing your account.
|
For Advanced Accounts with Sub-Accounts Setup for Multi-User Access: Sub-account users assigned roles that do not allow access to payment or payout-related options are not required to set up 2FA. However, if a sub-account user’s role grants access to payment or payout features, they will be prompted to configure their own 2FA verification upon their next attempt to use these payment or payout options. These sub-account users will have the same verification methods available, including the Authenticator App or Email that will act independently from the main account's 2FA verification.
Note: This does not apply for accounts that share login credentials to provide others access to your account. In such cases, 2FA verification will be sent to the account owner whenever someone attempts to log in or perform a secure action requiring 2FA verification. |
First Login After 2FA Is Turned On
When you log in for the first time, you'll be asked to set up 2FA for your account if it hasn't been done yet.
The setup of 2FA will be required via email or the Google Authenticator app. We do acknowledge that you may not be in a position to complete the setup during your initial login; therefore, you will have the option to decline the 2FA setup up to five times before it becomes mandatory before logging in again.
Upon completion of the setup process, all subsequent logins to your Zenfolio account will require the use of two-factor authentication to gain access.
Enabling Two Factor Authentication (2FA)
For any accounts that previously declined setting up the 2FA during login that would now like to enable this for your account, you can do this through your Account Settings.
- In your Zenfolio account, click on your name located in the upper right corner.
- From the dropdown menu, click on Account.
- Within the Account section on the left-hand side, navigate to the Two-Factor Authentication subsection.
- In this section, you will find the Two-Factor Authentication option; check the box to Enable 2FA for your account.
Upon enabling 2FA, you will be prompted to select your preferred method of verification for your account. You may choose to verify your identity through Email or by utilizing the Authenticator application.
Verify Via the Google Authenticator App
- To authenticate your identity using 2FA via the Google Authenticator app, you will select the Mobile app authenticator option.
-
After downloading and launching the Google Authenticator application on your mobile device, tap on the button in the bottom right-hand corner to scan the QR code.
Download Google Authenticator from the Apple App Store or Google Play Store. - Utilize the application to scan the QR code presented in the 2FA setup window of your Zenfolio account settings.
- Upon successful scanning, Zenfolio Authenticator will be added into the Authenticator app. Tap on this option to access the verification code.
-
Input the verification code into the designated area. Then, click on Verify.
Note: Use the View Code button to obtain the backup code for your 2FA setup. It is essential to store this backup code securely, as it serves as an alternative method for 2FA verification in the event that you are unable to access the authenticator app. - Once the verification code has been entered and the 2FA method has been verified, click Save.
| Note: The verification code generated by the Authenticator app will reset every 30 seconds. If the verification code you are entering is not accepted, verify that the code has not already changed in the Authenticator app. |
| IMPORTANT: Ensure that the Authenticator application remains installed on your mobile device, as it will be utilized to verify your identity for subsequent logins to your Zenfolio account. Removing the authenticator application may result in not being able to log into the account, unless you have properly saved the backup code. |
Verify Via Email
- To verify your identity through 2FA via email, you will select the Email option.
- Ensure that the email address associated with your account is accurate, or alternatively, you may configure 2FA to utilize a different email address. Click the Send Email button to have the verification code sent to the specified email address.
-
Copy the verification code from the email you receive and input it into the designated area. Then, click Verify.
Note: The verification code will expire after 10 minutes. If you do not receive the email within a few minutes, please verify that it has not been filtered into your Spam, Junk, or Trash folders. You may request a new code to be sent after 10 minutes. - Once the verification code has been entered and the 2FA method has been verified, click Save.
Making Changes to 2FA Settings
If you wish to modify the 2FA method utilized for identity verification when accessing your Zenfolio account, you will have the ability to return to the Account Settings page where the 2FA feature was initially enabled. There, you will choose to Update Settings, complete the 2FA verification when prompted, and select a new verification method. Additionally, this option allows you to access the QR code for re-connecting to the Authenticator application, if necessary.
Logging into your Zenfolio Account with 2FA
Upon enabling the 2FA feature within your Zenfolio account, you will be prompted to verify your identity using the chosen method each time you log in to your account.
If you opted to verify via email, you will need to access the email account associated with your 2FA verification and retrieve the code provided in the new verification email message.
| The verification code provided through email will expire after 10 minutes. If you do not receive the email within a few minutes, please verify that it has not been filtered into your Spam, Junk, or Trash folders. You may request a new code to be sent after 10 minutes. |
If you selected the Authenticator app for verification, you must open the app on your mobile device and utilize the code generated through the Zenfolio Authenticator option, similar to the process followed during the initial setup of the 2FA verification.
| The verification code generated by the Authenticator app will reset every 30 seconds. If the verification code you are entering is not accepted, verify that the code has not already changed in the Authenticator app. |
I haven't setup 2FA, why am I being asked to authenticate my account login attempt?
Regardless of whether two-factor authentication (2FA) has been configured for an account, there are certain circumstances in which you may be required to authenticate your account login for specific reasons.
- No logins in 60 days - If there have been no successful logins to your account within the past 60 days, you will be prompted to authenticate your login. If 2FA has previously been configured for your account, you will receive a 2FA code via your selected authentication method. If 2FA has not been set up, you will receive a 2FA code at the primary email address associated with your account.
- High-risk login - If you attempt to access your account from a location that does not correspond to your account's billing address, you will be required to authenticate your login attempt. Additionally, if your login credentials are detected as part of a broader web data breach, you may not only be prompted to authenticate your login but also required to update your password with a new, secure, and unique password. If 2FA has previously been configured for your account, you will receive a 2FA code via your selected authentication method. If 2FA has not been set up, you will receive a 2FA code at the primary email address associated with your account.
Disable 2FA in Your Account
For eligible accounts, if you have enabled 2FA at any time and wish to disable it, you will have the option to do so:
- In your Zenfolio account, click on your name located in the upper right corner.
- From the dropdown menu, click on Account.
- Within the Account section on the left-hand side, navigate to the Two-Factor Authentication subsection.
- In this section, you will find the Two-Factor Authentication option; uncheck the box to disable 2FA for your account.
- Click on Save.
To complete this action, you will be required to use 2FA verification to confirm the disabling of this option. After successfully completing the verification one final time, you will no longer be required to provide 2FA verification when logging into your account.
| Note: Certain accounts may not be eligible for the deactivation of two-factor authentication (2FA) due to the specific features in use. If you are permitted to disable 2FA, you may still be required to complete an authentication process if your account remains inactive for 60 days or if your login attempt is deemed high-risk. |