Protecting Your Account With Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA), also known as Multi-Factor Authentication (MFA), is a security feature that adds an extra layer of protection to your account by requiring not only your password, but also a second form of verification when logging in. This means that even if someone obtains your password, they still won’t be able to access your account without the second verification factor.

In most cases, 2FA works by sending a temporary, time-sensitive code to your email or a trusted device, such as your mobile phone, using an authentication app. Once you enter both your password and the unique verification code, your identity is confirmed and access is granted.

By requiring this additional step, 2FA significantly reduces the risk of unauthorized access, even if your login credentials are compromised. It’s one of the most effective ways to help protect your account from hacking, phishing attempts, and other forms of online fraud.

Enabling Two Factor Authentication (2FA)

If you've not already setup 2FA within your account you will be required to setup this important security feature when you attempt to take certain secure actions within your account, setting up a Payment Option through Stripe or Paypal. Or you can manually enable 2FA within your account's settings:

1. In your Zenfolio account, click on your name located in the upper right corner. 
2. From the dropdown menu, click on Account Settings. 
3. Within the Account section of the Account Settings, navigate to the Account & Password subsection.
4. In this section, you will find the Two-Factor Authentication option; if it is OFF, use the button provided to Turn ON Two-Factor.

Upon enabling 2FA, you will be prompted to select your preferred method of verification for your account. You may choose to verify your identity through Email or by utilizing the Authenticator application.

Verify Via the Google Authenticator App

1. To authenticate your identity using 2FA via the Google Authenticator app, please select the Mobile app authenticator option.

2. After downloading and launching the Google Authenticator application on your mobile device, please tap on the QR code scanning button.

   Download Google Authenticator from the Apple App Store or Google Play Store.

3. Utilize the application to scan the QR code presented in the 2FA setup window of your Zenfolio account settings.
4. Upon successful scanning, Zenfolio Authenticator will be added into the Authenticator app. Tap on this option to access the verification code.
5. Input the verification code into the designated area. Then, click on Verify.
6. Once the verification code has been entered and the 2FA method has been verified, click Save.

Verify Via Email

1. To verify your identity through 2FA via email, select the Email option.
2. Ensure that the email address associated with your account is accurate, or alternatively, you may configure 2FA to utilize a different email address. Click the Send Email button to have the verification code sent to the specified email address.

3. Copy the verification code from the email you receive and input it into the designated area. Then, click Verify.

   Note: The verification code will expire after 10 minutes. If you do not receive the email within a few minutes, please verify that it has not been filtered into your Spam, Junk, or Trash folders. You may request a new code to be sent after 10 minutes.

4. Once the verification code has been entered and the 2FA method has been verified, click Save.

Making Changes to 2FA Settings

If you wish to modify the 2FA method utilized for identity verification when accessing your Zenfolio account, you may return to the Account Settings page. Here, there are a few things to note about modifying your 2FA settings. 

1. Use the elipsis icon to the right-hand side of your 2FA method(s) and you can Edit or Delete the method. Editing the 2FA method allows you to either add your account to an Authentication app, or update the email address used for verification.

   Note: For accounts with selling options enabled, 2FA is required. As a result, you must have at least one 2FA method configured, and you will not be able to delete a 2FA method if it is the only one established.

2. Clicking on Add Verification Method will allow you to add additional methods of verification. This will give you the option of choosing what method is used to verify your account when prompted at login. 
3. The default method of verification will be identified by the star icon. If you have multiple verification methods setup, you can use the elipsis icon to the right to choose a different method as the default.
4. For account's that allow removal of the 2FA settings, use the Turn Off Two-Factor button to disable 2FA.

Logging into your Zenfolio Account with 2FA

Upon enabling the 2FA feature within your Zenfolio account, you will be prompted to verify your identity using the chosen method each time you log in to your account.

If you opted to verify via email, you will need to access the email account associated with your 2FA verification and retrieve the code provided in the new verification email message.

If you selected the Authenticator app for verification, you must open the app on your mobile device and utilize the code generated through the Zenfolio Authenticator option, similar to the process followed during the initial setup of the 2FA verification.

If you've setup multiple forms of verification, the code will automatically be sent to the default method selected for your account. You can however use the dropdown menu provided in the 2FA window to select a different verification method.

FAQ & Troubleshooting

Can't login, I lost access to the authenticator mobile app – no alternate method setup.

When using only the authenticator app for your account verification, it is essential that once you have configured the authenticator mobile app for verifying your Zenfolio account, you do not uninstall or remove the app from your mobile device. Removing the app may result in the loss of all connected accounts preventing you from verifying access. To ensure continued access to your Zenfolio account in the event you lose access to the authenticator app, please save the backup code provided during the initial setup of the verification process. This backup code serves as an alternative method for verifying your account.

If you have lost access to the authenticator app and do not have the backup code saved, please contact our support team for assistance in regaining access to your account. To maintain the security of your account, our support team may request information to verify your identity before granting access.

You can setup multiple verification methods which will help reduce the risk of losing access to your account in the event you lose access to the authenticator app.

Can't login, I lost access to the email used for authentication – no alternate method setup.

When using only email verification for your account, it is important that you ensure you can access the email account that will receive the verification code for your Zenfolio account. If you have lost access to the email account used for verification, please contact our support team for assistance in regaining access to your account. To maintain the security of your account, our support team may request information to verify your identity before granting access.

You can setup multiple verification methods which will help reduce the risk of losing access to your account in the event you lose access to the email account.

I haven't setup 2FA, why am I being asked to authenticate my account login attempt?

Regardless of whether two-factor authentication (2FA) has been configured for an account, there are certain circumstances in which you may be required to authenticate your account login for specific reasons.

• No logins in 60 days - If there have been no successful logins to your account within the last 60 days, you will be prompted to authenticate your login. If 2FA has previously been configured for your account, you will receive a 2FA code via your selected authentication method. If 2FA has not been set up, you will receive a 2FA code at the primary email address associated with your account.

• High-risk login - If you attempt to access your account from a location that does not correspond to your account's billing address, you will be required to authenticate your login attempt. Additionally, if your login email address and password is detected as part of a broader web data breach, you may not only be prompted to authenticate your login but also required to update your password with a new, secure, and unique password. If 2FA has previously been configured for your account, you will receive a 2FA code via your selected authentication method. If 2FA has not been set up, you will receive a 2FA code at the primary email address associated with your account.

  Security Tip: Although Zenfolio has not experienced any security breaches compromising user data, your information may still be exposed through data breaches involving other companies and services. To reduce the risk of unauthorized access to your account due to a third-party data breach, it is advisable to use a unique and strong password that is not used for any other services.