Shadow lets you use two-factor authentication (2FA) to add security to your account. Two-Factor Authentication is optional and disabled by default.
It adds an additional verification step whenever you are about to perform a security-sensitive operation.
By contrast, single-factor authentication (password only) is easier to breach, leaving your account more vulnerable to malicious actors, phishing, and malware.
Is Two-Factor Authentication required?
For now, Shadow has no plans to make Two-Factor Authentication mandatory for accessing any of your services.
However, we strongly recommend enabling it to add a security layer to your Shadow account.
Which actions require 2FA when it is enabled?
If you enable Two-Factor Authentication, it will be required whenever you need to log in to perform an action.
For example:
- When you log into any of your services (Shadow Drive or Shadow PC)
- When you update your password
- When you update your email
- When you update your personal information
How to set up Two-Factor Authentication?
You can set up one or several Two-Factor Authentication methods via your Customer Space.
The methods available with Shadow, and how to set each one up, are described below:
Authenticator Mobile Applications with Time-based One-Time Password (TOTP):
These applications generate a code which changes every 30 seconds.
Examples of applications you can use:
How can I enable Authenticator Mobile Applications as a 2FA method on Shadow?
- Download and set up your authentication app.
- Access the “Account” tab of your Customer Space on Shadow.
- Click “Edit my password” or “Edit my email”.
- Scroll to the “Managing Two Factor” section and scan the QR code or use the secret code with your authentication app.
- Type the first generated code of your authentication app below “Verify the code” to enable this 2FA method.
On-device Authenticators & External FIDO2 Devices:
On-device authenticators (such as biometric sensors*1) and external devices (such as USB security keys) use the WebAuthn protocol to provide secure and convenient authentication.
*1 Biometric sensors: Biometric sensors are a type of technology, either mechanical or electronic, that captures biometric data (such as the face, palm print, or iris) digitally and converts it into a biometric template. For instance, a device's camera can function as a biometric sensor for the face.
Examples of On-device Authenticators & External FIDO2 Devices:
How can I enable On-device Authenticators & External Devices as a 2FA method on Shadow?
- Set up your On-Device Authenticator or External Device.
- Access the “Account” tab of your Customer Space on Shadow.
- Click “Edit my password” or “Edit my email”.
- Scroll to the “Management of physical and biometric keys” section.
- Choose and enter a name for your On-Device Authenticator or External Device under “Name of the security key”.
- Click “Add a secret key” and follow the instructions on your screen.
Recovery Codes (How to plan a fallback solution if you lose access to your selected 2FA method(s))
Recovery Codes are one-time-use codes generated by Shadow that can be used to complete the second verification step when you lose access to your selected 2FA method(s).
How can I enable Recovery Codes on Shadow?
- Access the “Account” tab of your Customer Space on Shadow.
- Click “Edit my password” or “Edit my email”.
- Scroll to the “Backup codes” section.
- Click “Generate new backup codes”.
- Back up the provided codes in a safe place.
- Click “Confirm your backup codes”.
If this button is not clicked, the backup codes will not be enabled and you will not be able to use them to complete the second verification step.
How to disable Two-Factor Authentication
You can disable one or several 2FA methods on your Customer Space.
If no 2FA method is enabled, Two-Factor Authentication will be disabled.
How can I disable an Authenticator Mobile Application as a 2FA method on Shadow?
Please refer to the instructions provided with your application to disable the 2FA link with Shadow directly from your application.
How can I disable an On-device Authenticator or External Device as a 2FA method on Shadow?
- Access the “Account” tab of your Customer Space on Shadow.
- Click “Edit my password” or “Edit my email”.
- Scroll to the “Management of physical and biometric keys” section.
- Click “Delete Security Key X”
How can I disable the Recovery Codes as a 2FA method on Shadow?
- Access the “Account” tab of your Customer Space on Shadow.
- Click “Edit my password” or “Edit my email”.
- Scroll to the “Backup codes” section.
- Click “Disable this method”
FAQ
What should I do if I lose access to all my authentication methods?
You won’t be able to log into your Shadow account if you lose access to all your authentication methods.
We invite you to contact Support to proceed with identity verification.
I have lost my Recovery Codes but I still have access to my Shadow account. How can I retrieve them?
We recommend generating new Recovery Codes. You can also follow the instructions below to see your current Recovery Codes:
- Access the “Account” tab of your Customer Space on Shadow.
- Click “Edit my password” or “Edit my email”.
- Scroll to the “Backup codes” section.
- Click “Display Backup codes”.