Two-factor authentication (2FA) allows you to add an extra layer of security to your account by requiring a verification method in addition to your email and password. If your email or password is compromised, 2FA ensures your Action Network account remains secure. Below are some frequently asked questions related to 2FA.
What best practices does Action Network recommend?
Action Network recommends always having multiple admins in a group. We cannot add or remove admins from groups, so this ensures your organization always has access to the group. We also recommend using an authentication app that can be installed on multiple devices (like a phone and a tablet or laptop).
What method is most secure?
A physical device is the most secure authentication method. These devices, called hardware keys, are physically plugged into your device and can be linked to your Action Network account. The next best authentication method is an authentication app such as Authy, Google Authenticator, or any other app. This is what most people will likely use, and it offers a high level of security. While SMS still provides an extra layer of security, it is possible for a mobile number to be spoofed so that someone else receives your verification texts, which can compromise your account. If you can't use a hardware key or authentication app, you should still use SMS to boost account security.
What app is considered most secure? Do you have an app you would recommend?
Any third-party authentication app is very secure. Some popular apps include Authy and Google Authenticator.
Why do I need more than one form of 2FA?
Having multiple forms of 2FA ensures you won't lose access to your Action Network account if you lose access to one of them. If you change your number, you can still log in with your app. If you lose your phone, you can still use a desktop app to log in. Some apps, like Authy, can be used on desktops, laptops, and phones, and automatically sync between them. With such an app you don't have to set up more than one form of 2FA; you can instead set up the same app in multiple places.
How do I enable 2FA?
You can do so from your profile in the upper right menu after logging in. You can read more about how here.
Can I make 2FA required for all admins in my group?
Yes, you can enable this in the Settings tab of your Group Manage page. You will also need to select an acceptable authentication type. You can choose between any factor, only apps and hardware keys, or only hardware keys. Users will not be able to remove an authentication method if it is required by a group they administer.
What if I change my group's acceptable authentication type?
If you change your acceptable authentication type (e.g. any factor to only apps and hardware keys), we will remove authentication types that do not meet the new requirements when the administrator next tries to access the group. For example, if you go from any factor to only apps and hardware keys, your SMS authentication method would be removed. The next time an admin tries to access the group, they will need to set up the new authentication method before accessing the group. Note that if you have administrators who do not log in or access the group often, their accounts will not have the enhanced security offered by stricter authentication types until they log in. To prevent security issues, you should communicate with admins about any new requirements you set, or remove admins who do not need access to the group.
What if I lose access to all 2FA methods?
Unfortunately, we cannot recover your account if you lose access to your authentication methods. Group admins will still be able to add you at a new email address.