Two-factor authentication

Shotgun is committed to protecting our clients’ sites, accounts, and above all else, content. No matter how careful you are, there is a constant risk that your password might be stolen. With this in mind, we’re excited to announce the addition of two-factor authentication for Shotgun logins. Two-factor authentication can help keep supervillains out of your Shotgun site, even if they have your password.

How it works

With two-factor authentication, logging in to Shotgun will feel a bit different. You’ll protect your account with something you know, like your password, and something you have, like your mobile phone. In practice, when you sign into Shotgun you’ll need to:

  1. Enter your password
    Just as you normally would.
  2. Enter a code
    Typically this will come from the Google Authenticator or Duo Mobile app on your phone, but it can also be a backup code (more on that below).

In the hopefully-unlikely event a supervillain somehow hacks through your password layer, he or she still won’t be able to get into Shotgun without your phone.

Setting up your phone

Admins can enable two-factor authentication on the Site Preferences page. Note that the initial configuration must be done on a computer through a web browser. Once enabled, all users will have to configure an authentication app on their phones.

Two-factor authentication setup entails the following steps, which you’ll have to do once you create a password for your account.

  1. Install either the Google Authenticator or Duo Mobile app on your new phone.
  2. Open and configure the app. In the app:
    • Tap “+”
    • Tap “Scan Barcode”
    • Scan the barcode you see on the page with your phone’s camera
  3. Enter the 6-digit code generated by the app and click Verify and Save.

Going forward, your Shotgun account will be paired with your phone, and you’ll use it to generate a new code each time you log in.
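
What the barcode scan and the 6-digit code do underneath, as an added example that is not Shotgun's code: it assumes the standard time-based one-time password scheme (RFC 6238) that Google Authenticator implements, which this page does not confirm for Shotgun's server side. The function names, the account and issuer values, and the one-step clock-drift window are illustrative assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the time step containing Unix time `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """Key URI that the enrollment barcode encodes for the authenticator app."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = f"{quote(issuer)}:{quote(account)}"
    return f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"


def verify(secret: bytes, code: str, at: float, last_used_step: int = -1,
           window: int = 1, step: int = 30):
    """Return the matched time step, or None if the code is wrong, stale or reused.

    Accepts +/- `window` steps to tolerate phone clock drift, and refuses any
    step at or before `last_used_step` so an observed code cannot be replayed.
    """
    current = int(at) // step
    for s in range(max(0, current - window), current + window + 1):
        expected = totp(secret, s * step, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if s > last_used_step and hmac.compare_digest(expected.encode(), code.encode()):
            return s
    return None


if __name__ == "__main__":
    shared = secrets.token_bytes(20)  # constructed per-user secret, stored server-side
    print(provisioning_uri(shared, "artist@example.com", "ExampleSite"))  # constructed values
    now = time.time()
    code = totp(shared, now)  # what the phone app would display
    matched = verify(shared, code, now)
    print(code, "accepted at step", matched)
    print("replay:", verify(shared, code, now, last_used_step=matched))
```

The server would persist the returned step per user and pass it back as `last_used_step` on the next login attempt.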

What if I don’t have my phone?

If for whatever reason you don’t have your phone with you, never fear, you can still access Shotgun! This is what backup codes are for. Shotgun can generate these additional codes that you can print out or save as a text file for use when your phone is unavailable. For more information on backup codes, please see the following article:

Technical information

Two-factor authentication is currently a site-wide preference in Shotgun. If enabled, all licensed user accounts on the site will be required to use the additional security measure when logging in. This excludes Client Users who access the Client Review Site. For additional information on configuring two-factor authentication, please see the following articles:



Two-factor authentication is currently supported for Shotgun web logins as well as Shotgun Desktop, Toolkit, Shotgun Review for iOS, and RV logins.