Multi-factor authentication (MFA) is an additional step that requires information beyond your password to log in to your account, adding an extra level of security. It's currently optional and available for all plan types. However, it's not accessible for Assistants (a Pro plan feature) or guest accounts.
- Enable MFA
- How to use backup codes
- Regenerate backup codes
- Disable MFA
- Lost access to MFA token and backup codes
Enable MFA.
Visit your Account Settings to enable MFA. Select the profile icon in the upper-right corner of your account > Account Settings > Me > Account, then scroll down to the MFA section.
Click on the Get Started button.
Step 1.
Once you click Get Started, you'll see a QR code. Scan that QR code with your chosen authenticator app. This will generate a one-time code.
If you're unable to scan the QR code, you'll also have the option to type in the code.
New to authenticator apps? There are a variety to choose from such as 1Password, Google Authenticator, Authy, etc.
Step 2.
Enter the verification code displayed by your authenticator app.
Click on Confirm Authentication Code.
Next, you'll see a confirmation panel that confirms you're all set. This means anytime you now log in to your account, you'll enter your email or nickname, password, and a one-time verification code generated by your authenticator app.
This panel also provides you with eight, single-use, backup codes. Store these in a safe place! If you lose access to your authenticator app, these single-use backup codes allow you to still log in.
Next time you log in to your SmugMug account, you'll first enter your email address (or nickname) and password.
Followed by your one-time code from your authenticator app.
Note: Trouble finding your one-time password after enabling MFA? If you're on an iOS device, and you used your device's camera to scan the QR Code when enabling the feature, instead of within an authenticator app, your MFA was not set up using an authenticator app. Instead it was set up using Apple's one-time password feature. This may cause confusion and we recommend checking out the article here from Apple on their feature.
How to use backup codes.
When setting up MFA the first time, you're provided with eight, single-use, backup codes to use in the event you lose access to your authenticator app. These codes can only be used one time each.
As you log in to your account with your email address (or nickname) and password, next you'll enter one of the single-use backup codes instead of the one-time code from your authenticator app.
If you've only temporarily lost access to your authenticator app, once you are logged in, you can regenerate the backup codes to have eight new codes. However, if you've permanently lost access to your authenticator app, once you are logged into your SmugMug account, you'll want to consider disabling MFA so that you can set up it up again with a new authenticator app.
Regenerate backup codes.
These codes can be regenerated when you're logged in to your SmugMug account. Friendly reminder: be sure you back up the new codes in a safe place because all previous backup codes will be invalid after using the regenerate option.
To regenerate the codes, visit your Account Settings and click on the button to Regenerate Backup Codes.
Disable MFA.
You'll need to be logged in to your SmugMug account to disable MFA. Navigate to your Account Settings > Me > Account and click on the Disable button in the MFA section.
Lost access to MFA token and backup codes.
If you lose access to your authenticator app and also lose your single-use backup codes, you'll need to reach out to our Support Heroes for assistance to have MFA disabled on your account so you can log in and set up MFA again.