Multi-factor authentication adds an extra layer of security to your CommentSold shop and all team accounts within it.
As cybersecurity risks increase, securing online accounts, especially those tied to your business, is mission-critical.
Multi-factor authentication, also known as MFA, will reduce the risk of having your CommentSold account compromised by adding an extra step to the basic login procedure.
MFA can be enabled for the shop admin and then, if desired, enforced for all team accounts within the shop.
This Article Covers:
- Benefits of MFA
- How MFA works
- Enabling MFA as an Admin
- Enforcing MFA for Team Accounts
- Verifying Which Accounts Have MFA Enabled
Benefits of MFA
Why should you bother with an extra step at login? Enforcing MFA will:
- Combat phishing and hacking. Having a second form of identification will decrease the chance of criminals gaining access to your admin panel, where they can steal sensitive information or reroute goods or payments.
- Mitigate internal fraud and saboteur attacks in your organization. Verify the identity of your team members, partners, and virtual assistants with MFA. Logging in with stolen passwords or shared logins will become nearly impossible.
How MFA Works
Normally when shop admins or team members attempt to log in to their CommentSold account, the login process is only one step. With multi-factor authentication enabled for their account, the system will add an additional step, where it asks the user to enter the verification code sent to their email address.
From here, the code must be retrieved from their inbox and submitted within 15 minutes or the code will expire.
The subject line of the email will read “Login Verification”, sent by email@example.com.
Once the verification code is entered and submitted in the CommentSold login screen, the user should be able to log in successfully. Once signed in, the user won’t be asked for a verification code again unless they are signed out completely.
If the login was unsuccessful, it’s possible the code has expired or was entered incorrectly. In this case, the system will give a warning.
If you’d like to receive a new code, you can click Resend Code to have a fresh one sent to your inbox.
Enabling MFA as a Shop Admin
Before you enable multi-factor authentication for your admin account, you’ll first need to confirm that you have access to the email attached to it. Otherwise, you won’t be able to receive the verification code that will be sent to your email address for multi-factor authentication.
From your CommentSold dashboard, navigate to Setup > Account to enter your account settings.
Scroll down to Change Your Email and take a look at the email listed here.
If you have access to this email address, you can move to the next step. If you no longer have access to this account, replace this email address with one you know you’ll have access to and click Update Email.
Now you’re ready to enable multi-factor authentication!
While you’re still on the Account page, scroll down to Enable Multi-factor Authentication (MFA) via Email and click the button to Enable this setting.
A notification will appear at the top of the page to confirm that you’ve successfully enabled MFA.
Enforcing MFA for Team Accounts
At a minimum, we recommend enforcing MFA for any employees who have access to all permissions or "manage team" permissions, as well as those with permission to view reports. This will ensure that these users are the only ones to access their accounts, where they have access to sensitive permissions and proprietary data.
To enforce multi-factor authentication for a team member account:
Navigate to the Team tab from the main menu.
Now, find the team member account you’d like to enforce MFA for. Click the three dots across from their name, under the Manage column.
From the drop-down selection, click Enable Two-Factor Authentication with Email. A popup will appear. Click Confirm to continue.
A notification will appear at the top of the page to indicate that MFA has been successfully enabled. The next time your team member attempts login, they will be prompted to enter their verification code.
Verifying Which Accounts Have MFA Enabled
If you need to check which team accounts have MFA enabled (or disabled), you can view this at a glance from the Team tab. It will appear as Enabled or Disabled under the "Two-factor Authentication" column across from each respective Team Member.
If you'd like to turn off MFA for your admin account or a team account, navigate to the Team tab.
Find the name of the team member account you'd like to remove MFA from, then click the 3 dots across from it under the "Manage" column.
From the drop-down menu, select Disable Two-Factor Authentication with Email.
A popup will appear asking if you're sure you want to take this action. Click Confirm to verify.
Once you click confirm, an alert will appear at the top of the page, letting you know that you've successfully disabled MFA via email for that account.