Enabling Two-Factor Authentication (2FA) in SmartPush

Avatar
Smart Push
Follow

 

Two-Factor Authentication (2FA) is an additional security layer that helps protect your SmartPush account. With password-only login, accounts are vulnerable to risks such as data leaks, phishing attacks, malware, or password guessing. By adding a second verification step, 2FA significantly reduces the risk of unauthorized access even if your password is compromised.

When 2FA is enabled, you must verify your identity using your account password when signing in.

Follow this guide to enable 2FA and enhance the security of your SmartPush account.
 

 

How 2FA Works with Existing Risk Control Verification

Both 2FA and SmartPush’s existing risk-based identity verification aim to enhance account security, but they work differently:

  • Risk-based identity verification
    This is triggered only when the system detects suspicious activity, and typically requires email verification at specific moments.
  • Two-Factor Authentication (2FA)
    This is voluntarily enabled by you at the account level. Once enabled:
    • Identity verification becomes mandatory at every login
    • Most sensitive operations no longer require additional pop-up OTP verification

In short, 2FA provides consistent, proactive protection, while risk-based verification is conditional and reactive.

 

 

Why We Recommend Enabling 2FA

Enabling 2FA helps you:

  • Prevent unauthorized logins, even if your password is exposed
  • Reduce interruptions during sensitive operations
  • Align with SmartPush’s data security and risk control standards
  • Better protect customer data and exported business information

 

 

Enabling 2FA in SmartPush

To enable 2FA for your SmartPush account:

  1. Go to Account Management > Account & security, then click Enable two-step verification.

  2. Verify your current account password (based on risk control rules).

  3. Verify your identity using your current email.

  4. Choose one of the following 2FA methods:
    • Authentication App: Use apps such as Google Authenticator, Microsoft Authenticator, or Duo Mobile to generate time-based verification codes. This method works even without an internet connection.
    • Email Verification: Receive a one-time code via email.   

Once setup is completed successfully, your account will display Two-Factor Authentication Enabled.

 

 

Managing Your 2FA Settings

You can manage your 2FA settings in SmartPush via: Account Management > Login & Security. From there, you can:

  • Enable 2FA
  • View your current 2FA status
  • Disable 2FA (verification required)

 

 

How Login Works After Enabling 2FA

After 2FA is enabled, logging in requires two steps:

  1. Enter your account email and password.
  2. Complete the second verification using your selected 2FA method.

If you do not receive a verification code, refer to the "Common Causes and Solutions for Not Receiving OTP Verification Codes" guide to view troubleshooting guidance. 

 

 

Using 2FA During Sensitive Operations

SmartPush applies additional protection to sensitive actions, such as:

  • Campaign data exports
  • Contact data exports

How verification works depends on your 2FA status:

If 2FA is not enabled

  • You will be prompted to verify your identity based on risk level
  • After verification, you may be guided to enable 2FA

If 2FA is enabled

  • For low-risk scenarios, extra OTP verification may be skipped
  • For high-risk scenarios, a second verification may still be required
     

 

Recovery Codes for Emergency Access 


What Are Recovery Codes?

Recovery codes are one-time-use backup verification codes that allow you to access your account when you cannot receive regular 2FA codes (such as authentication app codes). They act as an emergency access key for your account.


How to Save Your Recovery Codes

After enabling 2FA, the system will generate a set of recovery codes (12-character alphanumeric combinations). When the codes are displayed, please click Copy code or Download code to save them somewhere safe for emergency use.

Recommended storage methods:

  • Offline storage in an encrypted local file
  • Secure password managers or encrypted note apps (e.g. Bitwarden, 1Password)
  • Split storage across two or more secure locations


How to Use Recovery Codes

Login scenario

  1. On the login page, complete email and password verification.
  2. At the second verification step, click Use recovery code.
  3. Enter an unused recovery code.

Disabling 2FA scenario

  1. When disabling 2FA, complete password verification.
  2. At the second verification step, click Use recovery code.
  3. Enter an unused recovery code.

Important: 

  • Each recovery code can only be used once and will expire after use
  • If your authentication app is lost or cannot receive codes, please rebind your 2FA method as soon as possible

 

 

Disabling Two-Factor Authentication

To disable 2FA:

  1. Go to Account Management > Account & security, then click Disable two-step verification.

  2. Enter your password and click Next

  3. Complete verification using your current 2FA method.

  4. In the pop-up window, click Disable to confirm disabling 2FA.

Note: Disabling 2FA reduces your account’s security level. Please proceed with caution.

 

 

Important Notes & Limitations

  • You cannot currently change your 2FA email address or phone number by yourself. If you need to update them, please contact customer support for manual assistance.
  • If you lose access to your authentication app or device, contact customer support for recovery.
  • Verification codes are time-limited and may expire if not used promptly.

  • Important: If you can no longer access your authentication codes

If the person who previously received authentication or verification codes is no longer reachable and you are unable to log in to SmartPush, please contact our Risk Control team at riskservice@shoplineapp.com. Our team will assist with identity verification and help you regain account access.

Have more questions? Submit a request

Comments