Shotgun is committed to protecting our clients’ sites, accounts, and above all else, content. No matter how careful you are, there is a constant risk that your password might be stolen. With this in mind, we’re excited to announce the addition of two-factor authentication for Shotgun logins. Two-factor authentication can help keep supervillains out of your Shotgun site, even if they have your password.
How it works
With two-factor authentication, logging in to Shotgun will feel a bit different. You’ll protect your account with something you know, like your password, and something you have, like your mobile phone. In practice, when you sign into Shotgun you’ll need to:
- Enter your password
Just as you normally would.
- Enter a code
Typically this will come from the Google Authenticator app on your phone, but it can also be a backup code (more on that below).
In the hopefully-unlikely event a supervillain somehow hacks through your password layer, he or she still won’t be able to get into Shotgun without your phone.
Setting it up
When two-factor authentication is required for your site and account, Shotgun will guide you through the setup process. Note that the initial configuration must be done on a computer through a web browser.
Two-factor authentication setup entails the following steps, which you’ll have to do once you create a password for your account:
- Install the Google Authenticator app on your phone.
- Open and configure the Google Authenticator app.
• In Google Authenticator:
• Tap “+”
• Tap “Scan Barcode”
• Scan the barcode you see on the page with your phone’s camera
- Enter the 6-digit code generated by Google Authenticator.
Going forward, your Shotgun account will be paired with your phone, and you’ll use it to generate a new code each time you log in.
What if I don’t have my phone?
If for whatever reason you don’t have your phone with you, never fear, you can still access Shotgun! This is what backup codes are for. Shotgun can generate these additional codes that you can print out and/or save as a text file for use when your phone is unavailable. For more information on backup codes, please see the following doc:
Two-factor authentication is currently a site-wide preference in Shotgun. If enabled, all accounts on the site will be required to use the additional security measure when logging in. For additional information on configuring two-factor authentication, please see following docs:
Two-factor authentication is currently supported for Shotgun web logins as well as Shotgun Desktop and Pipeline Toolkit logins. Support for Shotgun Review for iOS and RV are coming soon.
Two-factor authentication is available for pilot clients. If you’re interested in trying it out on your site, please get in touch via our support.