Two-factor Authentication (2FA) helps protect your account from unauthorized access by requiring you to enter a code when logging into your PhotoShelter account. The 2FA codes are generated by a free mobile authenticator app installed on your Android or iOS mobile device. Two-Factor Authentication is a base requirement for all PhotoShelter accounts.
Once you’ve set up 2FA, you’ll be prompted to enter a code every time you log in to your Image Browser, any time you use a different device, and if you’ve recently cleared your browser cache.
Setting up Two-factor Authentication
1. In your browser, navigate to your account's Security page.
2. Click Enable Two-factor Authentication
3. Download and open your chosen 2FA Authenticator app (see Which 2FA Authenticator app should I use?)
4. Tap the + or Add button in your authenticator app on your device.
5. Scan the QR code displayed with your 2FA Authenticator app. Do not use your device's camera app. For instructions on how to complete this step using one of the top two free 2FA apps, Google Authenticator or Authy, see our detailed instructions in step 5A/5B:
5A / 5B. Scanning with Google Authenticator or Authy
- Google Authenticator:
A1. Open the Google Authenticator app (don't have the app installed yet? Click here for Android, or here if you're using iOS)
A2. After signing into your Google Account in Google Authenticator, tap the + Icon at the bottom-right of your screen.
A3. Tap the "Scan a QR code" (shown below) button. Your camera will open - scan the QR code from your browser screen (see step 1 above).
- Authy:
B1. Open the Authy app and sign in (don't have the app installed yet? Click here for Android, or here if you're using iOS).
B2. Tap the "+ Add Account" button that is shown on your screen.
B3. Tap the "Scan a QR code" button. Your camera will open - scan the QR code from your browser screen (see step 1 above).
6. After scanning the QR code, enter the 6 digit verification code generated by your 2FA app, without any spaces (123456). Authenticator apps generate a new code every 30-60 seconds. Most apps will show a countdown indicating when the code for your app will refresh.
Recovery Code
After you enable Two-factor Authentication, you’ll be provided with a recovery code which should be used to log into your account in the event that you don’t have access to your device with the authenticator app installed. It is extremely important that you save this recovery code in a secure (but memorable) location. If you don’t have access to your device or your recovery code, you will not be able to log into your PhotoShelter account.
IMPORTANT: The recovery code is not the code you enter into the 2FA prompt each time you log into PhotoShelter. It is the code you should use if you do not have access to your device with the authenticator app installed.
Logging in with Two-factor Authentication
1. Open the authenticator app on your mobile device
2. Visit the photoshelter.com login page
3. Enter your email address and password
4. Click the "sign in" button
5. Enter the six-digit code from the authenticator app
6. Click the "verify" button
FAQ
Where do I scan the QR code generated on the Security page during 2FA setup?
Scan the QR code with your authenticator app, not with your camera. For example, in Google Authenticator, tap the + icon to add PhotoShelter as an entity in your authenticator app.
In Authy, tap + Add Account:
Which 2FA Authenticator app should I use?
We support any TOTP (time-based one-time password) 2FA app of your choice! Here are a few standard 2FA options if you're not sure which app to pick:
- Authy
- LastPass
- Google Authenticator
- Microsoft Authenticator
- DuoMobile
-
NordPass
* Note that setting up 2FA with these apps does not grant account access to the third-party app.
What if I’ve lost my recovery code?
If you’ve lost your recovery code and you don’t have access to your device with the authenticator app installed, you’ll need to contact our Technical Support team at support@photoshelter.com for further instructions.
Do I have to use 2FA with PhotoShelter?
Yes.
Will this impact the way I upload photos via Photo Mechanic or FTP?
No, the only time you will use 2FA is when you are logging in to the backend of your account at photoshelter.com. Photo Mechanic and FTP will not use 2FA, so your upload workflow will not be impacted.
If I am using 2FA, will my clients be required to use 2FA too?
No, your clients will not be required to use 2FA. 2FA is for you, the account owner.
I don't log into PhotoShelter from my phone, I log in from my desktop/laptop. How can I use 2FA?
You will still be required to use an authenticator app installed on your mobile device when logging in via desktop. You will enter your login details as you normally would on desktop, and will be asked for a 6-digit code. You will open the authenticator app on your phone to find that code, which you will then enter on your desktop.
Do I have to use a TOTP app? Can I use email or SMS instead?
Currently, we don't offer Email or SMS-based Two-Factor Authentication. This is because messaging is not the most secure method for 2FA, as text + email messages can be intercepted. Instead, we recommend using an Authenticator app that supports TOTP (Time-Based One-Time Password). This guarantees that only you are accessing the account.
I have multiple users logging into my account. What are my options?
Please connect with our team at support@photoshelter.com. We'd love to learn more about how you work with multiple users on your account so we can determine the best solution for you.