The Shrimpy team encourages everyone to secure their account with our 2FA service. It provides a simple way to add extra layers of security.
The Importance of 2FA
Although all users are required to select a password for their account, there are times when passwords aren't enough to remain secure. This is true especially if the password is re-used for multiple services. Every time a password is re-used, each account that uses the same password becomes less secure.
If any other service becomes compromised, that means someone will have the same email and password that is used to secure their Shrimpy account. With these credentials, an individual would be able to log into the Shrimpy account.
Unless you had 2FA enabled.
Two-Step Authentication (AKA Multi-Factor Authentication) provides a way that even if a password is stolen, the user's phone or secret key is still required to log into their Shrimpy account.
The Google two-step verification code is generated by the Google Authenticator on the phone, and the verification code is changed every 30 seconds. Each verification code can only be used once.
Note: In the situation described above, Shrimpy was not compromised in any way. Since the user gave the same email and password to another service that was compromised, someone was able to log into their Shrimpy account.
How do I set up 2FA?
The setting to enable 2FA can be found in the "Settings" tab of the Shrimpy application.
On the "General" sub-tab, you will see a section for "SECURITY". In this section, you will be able to whitelist IPs as well as enable Multi-Factor Authentication (2FA).
After you have checked the box to enable 2FA and saved, you will be prompted to scan you 2FA code at your next log in. Once you have done this, you are now set up with 2FA for your Shrimpy account.
How does 2FA work with multiple devices?
Each device you use to log into Shrimpy will require you to enter your 2FA code. This means if you have a desktop computer, a laptop computer, and a phone, you will need to enter your 2FA code when you log into your Shrimpy account from each of these devices.
How often do I need to enter my 2FA code?
Currently, Shrimpy will only prompt you to enter your 2FA every 30 days when you are logging in from the same device.
How do I get a new 2FA code?
Shrimpy provides an easy way to reset the 2FA on your account. A 2FA reset will completely remove the old 2FA QR Code from your account and generate a new one.
To reset your 2FA, start off by navigating to the "Settings" page. Under the "Security" section, you will find a checkbox for "Enable Multi-Factor Authentication". This was both the spot that you enabled 2FA as well as the spot where we will now reset 2FA.
Reset your 2FA, by selecting the checkbox next to "Enable Multi-Factor Authentication". This will present a popup like the one displayed below.
Select the option to "Continue". Once you have done this, Shrimpy will log you out of your account and you will need to log back into your account to complete the reset.
Once you have logged back into your account, Shrimpy will complete the reset process and allow you to once again re-enable 2FA.
When 2FA is re-enabled, Shrimpy will present a new QR code that you can use to set up a fresh 2FA connection with your device.
Note: We recommend using the Google Authenticator application for this process. Other applications might work, but we can't guarantee that every other 2FA app can work correctly.
My 2FA code is not working. What do I do?
If you are having any issues with entering your 2FA, please contact us at email@example.com for assistance.
My 2FA code won’t scan
An article on how to debug issues with setting up 2FA (MFA) inside the Shrimpy application.
When setting up and using 2FA with Shrimpy, there are a few reasons why your 2FA setup might fail.
Using Google Authenticator
There are a number of different mobile applications that provide 2FA style functionality for websites. We strongly recommend using the official Google Authenticator application.
If you are experiencing issues with setting up your 2FA, please check to make sure you are using the Google Authenticator application to set up your 2FA.
Dark Mode / Night Mode
When setting up 2FA, please disable any extensions that might alter the colors on your screen. The most common extensions that people use which cause problems are those that implement a "Dark / Night mode" for your browser.
These dark mode extensions will alter the colors around the 2FA QR code. As a result, the QR code will become unreadable or even incorrectly read.
To resolve this issue, please disable any dark / night mode extensions during the 2FA process. After you have successfully set up your 2FA, you can once again enable your dark mode extension.
Have questions, comments or concerns? Feel free to reach out to us via the blue "Support" button found in the bottom left corner of your Dashboard, or send an email to Support@Shrimpy.io.