The Shrimpy team encourages everyone to secure their account with our 2FA service. It provides a simple way to add extra layers of security.
The Importance of 2FA
Although all users are required to select a password for their account, there are times when passwords aren't enough to remain secure. This is true especially if the password is re-used for multiple services. Every time a password is re-used, each account that uses the same password becomes less secure.
If any other service becomes compromised, that means someone will have the same email and password that is used to secure their Shrimpy account. With these credentials, an individual would be able to log into the Shrimpy account.
Unless you had 2FA enabled.
Two-Step Authentication (AKA Multi-Factor Authentication) provides a way that even if a password is stolen, the user's phone or secret key is still required to log into their Shrimpy account.
The Google two-step verification code is generated by the Google Authenticator on the phone, and the verification code is changed every 30 seconds. Each verification code can only be used once.
Note: In the situation described above, Shrimpy was not compromised in any way. Since the user gave the same email and password to another service that was compromised, someone was able to log into their Shrimpy account.
How do I set up 2FA?
The setting to enable 2FA can be found in the "Settings" tab of the Shrimpy application.
On the "General" sub-tab, you will see a section for "SECURITY". In this section, you will be able to whitelist IPs as well as enable Multi-Factor Authentication (2FA).
After you have checked the box to enable 2FA and saved, you will be prompted to scan you 2FA code at your next log in. Once you have done this, you are now set up with 2FA for your Shrimpy account.
How does 2FA work with multiple devices?
Each device you use to log into Shrimpy will require you to enter your 2FA code. This means if you have a desktop computer, a laptop computer, and a phone, you will need to enter your 2FA code when you log into your Shrimpy account from each of these devices.
How often do I need to enter my 2FA code?
Currently, Shrimpy will only prompt you to enter your 2FA every 30 days when you are logging in from the same device.
How do I get a new 2FA code?
Shrimpy does not currently have an automated system to get a new 2FA. In order to get a new 2FA code, please send us an email to firstname.lastname@example.org from the email you used to sign up for Shrimpy. We would be happy to assist you with getting a new code.
My 2FA code is not working. What do I do?
If you are having any issues with entering your 2FA, please contact us at email@example.com for assistance.