This article explains how to set up MFA for your personal account. If you have an Enterprise plan, please check out our other article: https://support.zeplin.io/en/articles/6992335-getting-started-with-mfa
Multi-Factor Authentication (MFA) helps safeguard access to Zeplin data, providing another layer of security by using a second form of authentication.
MFA provides an additional layer of security beyond just a username and password. Requiring multiple forms of authentication makes it more difficult for unauthorized users to access your Zeplin account.
This setting enables multi-factor authentication for your individual Zeplin account. In addition, organizations you are a member of may also require multi-factor authentication.
Setting up Individual MFA
To enable multi-factor authentication, click on your avatar in the top right corner of the screen to access your profile, and select the Account tab. Then scroll down to Multi-factor Authentication to start the MFA setup process.
An authenticator app is needed to complete the two-step verification. Zeplin supports most authenticator apps such as Autho, Google Authenticator, or a time-based one-time password feature from a password safe.
To configure the app, scan the QR code, or you can enter the secret key manually.
Be sure to save your backup codes in case you lose access to the authenticator app. You can use one of these backup codes to gain access to your Zeplin account.
☝️ Once you've completed the setup process, you must enter your MFA code from your authenticator app every time you log in to your Zeplin account.
Resetting or removing Individual MFA
If you need to reset or remove your MFA, you can do this directly from your Profile under the Account tab. You can scroll down to Multi-factor Authentication to remove MFA or reset your authenticator app.
Please note that the remove and reset options are only available at the individual level. If an Enterprise workspace Admin/Owner manages your security settings, these options will not be available.
☝️ When selected to reset your authenticator app, you must complete a new MFA link.
Common MFA code questions
Where do I find my code?
Your code will be generated in the authenticator app indicated by the name and email used to create the code. You will not need an SMS or email to generate the code. Note that the code refreshes with a new one after a certain number of seconds (depending on the app), so be sure to enter it within the allotted time.
My Google Authenticator codes don't work.
It may be because the time isn't correctly synced on your Google Authenticator app. To set the correct time:
On your mobile device, go to the main menu of the Google Authenticator app.
Tap More More, Settings, Time correction for codes, and Sync now.
On the next screen, the app confirms the time has been synced. You should be able to sign in.
☝️ The sync will only affect the internal time of your Google Authenticator app and will not change your device's Date & Time settings.
What if I lost my backup codes?
If you have lost access to your authenticator app and backup codes, please contact email@example.com. MFA recovery may take several days if Zeplin support is needed.