The goal of two-factor authentication is to protect your Shotgun site, which means keeping supervillains out at all costs. But, this also introduces the possibility that you, the good guy, can accidentally be locked out as well if you aren't careful. In order to preserve access to Shotgun for your account, you may need to manage your two-factor authentication settings from time to time - like when you get a new phone. This document provides some technical details that can help ensure you can connect to Shotgun without interruption.
After you've initially set up two-factor authentication, you can modify your configuration via the Account Settings page in Shotgun. This is where you can move to a new phone or generate backup codes. For security purposes, you will have to enter your password again here before you can modify any of your settings.
Move to a new phone
If you recently got a new phone and would like to pair it to your Shotgun account for two-factor authentication, the Account Settings page is the place to do it, and here's how:
What you'll need
- Either a backup code or your old phone, in order to initially log into Shotgun.
- Your new Android or iOS device.
Step 1: Change your Settings
- Log into your Shotgun site using the aforementioned backup code or your old phone.
- Navigate to your Account Settings page.
- Click Two-Factor Authentication.
- Click Move to a New Phone.
Step 2: Complete the transition
This process is exactly the same as the initial two-factor authentication setup process.
- Install the Google Authenticator app on your new phone.
- Open and configure the Google Authenticator app.
• In Google Authenticator:
• Tap “+”
• Tap “Scan Barcode”
• Scan the barcode you see on the page with your phone’s camera
- Enter the 6-digit code generated by Google Authenticator and click Verify and Save.
Your new phone is now paired with your Shotgun account for two-factor authentication.
Step 3: Remove your Shotgun account from Google Authenticator on your old device (if relevant)
Although Google Authenticator installed on your old phone will continue to produce codes, these codes will no longer work.
- On your old phone, open the Google Authenticator application.
- On the main screen, which contains the verification codes, locate the verification code for your Shotgun account.
- For iOS devices:
a. Click on the Edit icon on the Authenticator on your phone.
b. Click on the Delete icon next to the account you wish to remove.
- For Android devices:
a. Press your finger on the verification code for a few seconds.
b. When presented with options, select Remove.
In the hopefully unlikely event that you don't have your phone with you (for whatever reason) and don't have any backup codes, you won't be able to log into Shotgun if two-factor authentication is enabled. This is by design, as it mirrors the scenario where a supervillain has learned your password but doesn't have your phone. We wouldn't want to let the supervillain in here, and by the same token, you won't be able to get in either if the same thing happens to you (i.e. you know your own password but don't have your phone).
However, there are scenarios where your Shotgun Admin can help. If you don't have the phone paired with your Shotgun account, but you do have another Google-Authenticator-capable device, your Admin can reset your two-factor authentication credentials, which will in turn let you reconfigure your settings with that new device. The most common situation this may occur is if you get a new phone, but forget to transfer your Shotgun account over to it before getting rid of your old phone.
You can request help from your Admin(s) from within Shotgun via the Get help button on the code entry screen. This will automatically send an email to all of the Admins for your Shotgun site (and cc you). You can also of course get in touch with them directly. From there, your Admin will need to reset your two-factor authentication settings and you will need to reconfigure two-factor authentication for your account. Shotgun will guide you through this process, which is exactly the same as the initial two-factor authentication setup.