Enabling Two-Factor Authentication (2FA) in SmartPush (Coming Soon)

Avatar
Smart Push
Follow

Two-Factor Authentication (2FA) is an additional security layer that helps protect your SmartPush account.

When 2FA is enabled, you must verify your identity using two different types of credentials when signing in:

  1. Your account password
  2. A one-time verification code (sent via email, SMS, or generated by an authentication app)


With password-only login, accounts are vulnerable to risks such as data leaks, phishing attacks, malware, or password guessing.


By adding a second verification step, 2FA significantly reduces the risk of unauthorized access even if your password is compromised.

 

In This Article

 

How 2FA Works with Existing Risk Control Verification

Both 2FA and SmartPush’s existing risk-based identity verification aim to enhance account security, but they work differently:

  • Risk-based identity verification
    This is triggered only when the system detects suspicious activity, and typically requires email verification at specific moments.

     
  • Two-Factor Authentication (2FA)
    This is voluntarily enabled by you at the account level.
    Once enabled:
    • Identity verification becomes mandatory at every login
    • Most sensitive operations no longer require additional pop-up OTP verification
       

In short, 2FA provides consistent, proactive protection, while risk-based verification is conditional and reactive.

Why We Recommend Enabling 2FA

Enabling 2FA helps you:

  • Prevent unauthorized logins, even if your password is exposed
  • Reduce interruptions during sensitive operations
  • Align with SmartPush’s data security and risk control standards
  • Better protect customer data and exported business information

Enabling 2FA in SmartPush

You can manage 2FA in SmartPush via:

Account Management > Login & Security

From there, you can:

  • Enable 2FA
  • View your current 2FA status
  • Disable 2FA (verification required)

To enable 2FA:

  1. Go to Account Management > Login & Security
  2. Click Enable Two-Factor Authentication
  3. Verify your current account password (based on risk control rules)
  4. Verify your identity using your current email or phone
  5. Choose one of the following 2FA methods:

     

Verification Methods

  • Authentication App 
    Use apps such as Google Authenticator, Microsoft Authenticator, or Duo Mobile to generate time-based verification codes.
    This method works even without an internet connection.
  • SMS Verification
    Receive a one-time code via your mobile phone.
  • Email Verification
    Receive a one-time code via email.

Once setup is completed successfully, your account will display Two-Factor Authentication Enabled.

 

How Login Works After Enabling 2FA

After 2FA is enabled, logging in requires two steps:

  1. Enter your account email and password
  2. Complete the second verification using your selected 2FA method

If you do not receive a verification code, you can click Common Causes and Solutions for Not Receiving OTP Verification Codes to view troubleshooting guidance. 

 

Using 2FA During Sensitive Operations

SmartPush applies additional protection to sensitive actions, such as:

  • Campaign data exports
  • Contact data exports
     

How verification works depends on your 2FA status:

If 2FA is not enabled

  • You will be prompted to verify your identity based on risk level
  • After verification, you may be guided to enable 2FA
     

If 2FA is enabled

  • For low-risk scenarios, extra OTP verification may be skipped
  • For high-risk scenarios, a second verification may still be required

Disabling Two-Factor Authentication

To disable 2FA:

  1. Go to Account Management > Login & Security
  2. Click Disable Two-Factor Authentication
  3. Verify your password
  4. Complete verification using your current 2FA method
  5. Confirm disabling 2FA
Note: Disabling 2FA reduces your account’s security level. Please proceed with caution.

Important Notes & Limitations

  • You cannot currently change your 2FA email address or phone number by yourself
    If you need to update them, please contact customer support for manual assistance.
  • If you lose access to your authentication app or device, contact customer support for recovery.
  • Verification codes are time-limited and may expire if not used promptly.

     
Have more questions? Submit a request

Comments