How does Two-Factor Authentication (2FA) work on Shadow?
Shadow gives you the possibility to use two-factor authentication (2FA) to provide additional security to your account. Two-factor Authentication is optional and disabled by default on your account.
It adds a verification step whenever you are about to perform a security-sensitive operation.
On the other hand, single-factor authentication (password only) is easier to breach, making your account more vulnerable to malicious actors, phishing, and malware.
Is Two-Factor Authentication Required?
For now, Shadow doesn’t have any plans to make Two-Factor Authentication mandatory for accessing any of your services.
However, we strongly recommend enabling it to provide an additional security layer to your Shadow account.
Which actions require 2FA when it is enabled?
If you enable Two-Factor Authentication, it will be required whenever you need to log in to perform an action.
When you log into any of your services (Shadow Drive or Shadow PC)
When you update your password to recover your account.
How to set up Two-Factor Authentication?
You can set up one or several Two-Factor Authentication methods via your Account Page.
See below the methods available with Shadow and how to set them up:
Authenticator Mobile Applications with Time-based One-Time Password (TOTP):
These applications generate a code that changes every 30 seconds.
Examples of applications you can use:
On-device Authenticators & External FIDO2 Devices:
On-device authenticators (such as biometric sensors*1) and external devices (such as USB security keys) are using the WebAuthn protocol to provide secure and convenient authentication.
*1 Biometric sensors: Biometric sensors are a type of technology, either mechanical or electronic, that captures biometric data (such as the face, palm print, or iris) digitally and converts it into a biometric template. For instance, a device's camera can function as a biometric sensor for the face.
Examples of On-device Authenticators & External FIDO2 Devices:
Recovery Codes (How to plan a fallback solution if you loose access to your selected 2FA method(s))
The Recovery Codes are One-time use codes generated by Shadow that can be used to complete the second verification step when you loose access to your selected 2FA method(s).
How to disable Two-Factor Authentication
You can disable one or several 2FA methods on your Customer Space.
If no 2FA method is enabled, Two-Factor Authentication will be disabled.