Securing Your CommentSold Account with Multi-Factor Authentication

Multi-factor authentication adds an extra layer of security to your CommentSold shop and all team accounts within.

As cybersecurity risks increase, securing online accounts, especially those tied to your business, is  mission-critical.

Multi-factor authentication, also known as MFA, will reduce the risk of having your CommentSold account compromised by adding an extra step to the basic login procedure. 

MFA can be enabled for the shop admin, and then, enforced for all team accounts within if desired.

This Article Covers:


Benefits of MFA

Why should you bother with an extra step at login? Enforcing MFA will:

  • Combat phishing and hacking.
    Having a second form of identification will decrease the chance of criminals gaining access to your admin panel, where they can rip sensitive information or reroute goods or payments.
  • Mitigate internal fraud and saboteur attacks in your organization. Verify the identity of your team members, partners, and virtual assistants with MFA. Stolen passwords and shared logins will become near impossible.

 

How MFA Works

Normally when shop admins or team members attempt to log in to their CommentSold account, the login process is only one step. With multi-factor authentication enabled for their account, the system will add an additional step, where it asks the user to enter the verification code sent to their email address. 

steps_1_2.png

From here, the code must be retrieved from their inbox and submitted within 15 minutes or the code will expire.

 The subject line of the email will read “Login Verification”, sent by support@commentsold.com.

Login_Verificati.png

Once the verification code is entered and submitted in the CommentSold login screen, the user should be able to log in successfully. Once signed in, the user won’t be asked for a verification code again unless you are signed out completely.

If the login was unsuccessful, it’s possible the code has expired or entered incorrectly. In this case, the system will give a warning.


incorrect_code.png

If you’d like to receive a new code, you can click Resend Code to have a fresh one sent to your inbox.

 

Enabling MFA as A Shop Admin

Before you enable multi-factor authentication for your admin account, you’ll first need to confirm that you have access to the email attached to it. Otherwise, you won’t be able to receive the code that will be sent to your email address for multi-authentication.

From your CommentSold dashboard, navigate to Setup > Account to enter your account settings.

Scroll down to Change Your Email and take a look at the email listed here. 

Change_Your_Email.png

If you have access to this email address, you can move to the next step. If you no longer have access to this account, replace this email address with one you know you’ll have access to and click Update Email.

Now you’re ready to enable multi-factor authentication!

While you’re still on the Account page, scroll down to Enable Multi-factor Authentication (MFA) via Email and click the button to Enable this setting.

Enable_MFA.png

A notification will appear at the top of the page to confirm that you’ve successfully enabled MFA. 

 

Enforcing MFA for Team Accounts

At a minimum, we recommend enforcing MFA for any employees that have access to all permissions, "manage team" permissions, as well as those with permissions to view reports. This will ensure that these users are the only ones to access their accounts, where they have access to sensitive permissions and proprietary data.

Please note that all team members with "All Permissions" and those with permissions to "Manage Team" will be able to enable or disable multi-factor authentication for all team members.

To enforce multi-factor authentication to a team member account:

Navigate to the Team tab from the main menu.

Now, find the team member account you’d like to enforce with MFA. Click the three dots across from their name, under the Manage column.

From the drop-down selection, click Enable Two-Factor Authentication with Email

enable_mfa_for_team.png

From the drop-down selection, click Enable Two-Factor Authentication with Email. A popup will appear. Click Confirm to continue.

A notification will appear at the top of the page to indicate that MFA has been successfully enabled. The next time your team member attempts login, they will be prompted to enter their verification code.

 

Verifying Which Accounts Have MFA Enabled

If you need to check which team accounts have MFA enabled (or disabled), you can view this at a glance from the Team tab. It will appear as Enabled or Disabled under the "Two-factor Authentication" column across from each respective Team Member.

verify_mfa.PNG

Disabling MFA

If you'd like to turn off MFA for your admin account or a team account, navigate to the Team tab. 

Find the name of the team member account you'd like to remove MFA from, then click the 3 dots across from it under the "Manage" column.

From the drop-down menu, select Disable Two-Factor Authentication with Email.

disable_mfa.png

A popup will appear asking if you're sure you want to take this action. Click Confirm to verify.

Once you click confirm, an alert will appear at the top of the page, letting you know that you've successfully disabled MFA via email for that account.

Was this article helpful?
0 out of 0 found this helpful