Enforcing Two-Factor Authentication (2FA)


In today's digital world, keeping your online accounts secure is more important than ever. Passwords alone can sometimes be vulnerable. That's where Two-Factor Authentication, or 2FA, comes in. It adds an extra layer of security beyond just your password, usually requiring something you know (your password) and something you have (like a code from your phone).

For team accounts, ensuring everyone uses strong security measures is vital to protect your shared data and sending reputation. At AhaSend, we offer a feature that allows the account owner to enforce the use of 2FA for all team members accessing that specific account. This helps make sure that only authorized users can get into your AhaSend account, significantly boosting your overall security.

This guide will walk you through what 2FA enforcement is, who can set it up, what needs to be done beforehand, and how it affects your team members.

What is 2FA Enforcement?

Two-Factor Authentication enforcement is a setting that, when turned on, requires every user who is a member of a specific AhaSend account to enable and use 2FA on their profile before they can access that account. It's a way for the account owner to mandate a higher standard of security for everyone working within their account.

Think of it like adding a second lock to a shared door. Everyone who needs to enter must not only have the key (password) but also the code for the second lock (2FA). If they don't have the second code set up, they can't open the door.

When 2FA enforcement is active for an account, any team member trying to log in will be checked to see if they have 2FA enabled on their individual AhaSend profile. If they haven't set it up yet, they will be prompted to do so immediately and will not be able to proceed into the account until their 2FA is active.

Who Can Enable 2FA Enforcement?

The ability to turn on 2FA enforcement for an AhaSend account is limited to the account owner. This is a significant security setting that affects all team members, so only the primary owner of the account has the necessary permissions to make this change. Team members with administrative roles or other permissions cannot enable this setting unless they are also the account owner.

This restriction ensures that this important security decision is made by the person ultimately responsible for the account's security and configuration.

Prerequisites for Enabling Enforcement

Before the account owner can enable 2FA enforcement for the team, there's one crucial step they must complete:

The account owner must have Two-Factor Authentication enabled on their own AhaSend profile first.

This is a necessary security measure. The system ensures that the person enforcing a security requirement for others also meets that requirement themselves. If the account owner has not yet set up 2FA on their profile, they must do so before the account-wide enforcement option can be activated.

This process involves the owner going to their personal security settings within their profile and setting up 2FA using an authenticator app or another supported method. 

Once the owner's personal 2FA is active, they can then proceed to the account-level settings to enable enforcement for the team.

How to Enable 2FA Enforcement

While the exact steps might vary slightly depending on the user interface version, enabling 2FA enforcement generally involves the account owner navigating to the account's security or team settings.

Here's a general idea of the process:

  1. Log in to your AhaSend account as the account owner.

  2. Ensure your own 2FA is enabled on your profile. If not, set that up first.

  3. Navigate to the Account Settings section. This is found in the top-right dropdown menu in your dashboard.

  4. Look for the Security section.

  5. Find the option for Enforce Two-Factor Authentication.

  6. Toggle or check the box to enable this setting.

  7. Save the changes.

(Screenshot: 2FA enforcement option)

Once saved, the enforcement rule becomes active immediately for that specific AhaSend account.

What Happens When Enforcement is Enabled?

When 2FA enforcement is successfully enabled by the account owner, it affects all team members associated with that account, including the owner.

Here's what team members will experience:

  • Upon their next access to your account dashboard: When a team member tries to access an account dashboard on AhaSend that has 2FA enforcement enabled, the system will check their profile's 2FA status.

  • If 2FA is already enabled: If the team member has already set up 2FA on their profile, they can access the account dashboard as usual.

  • If 2FA is NOT enabled: If the team member has not yet enabled 2FA on their profile, they will be redirected to their profile to enable 2FA. They will be presented with a clear message explaining that 2FA is now required for this account and they must set it up to continue.

  • Requirement to Enable 2FA: The user interface will guide the team member through the process of setting up 2FA on their profile right then and there.

  • Access is Blocked Until Setup: The team member will not be granted access to the account dashboard or any account features until they successfully complete the 2FA setup process for their profile. They must enable 2FA before they can proceed further into the account.

This ensures that every single person accessing the account meets the required security standard, significantly reducing the risk of unauthorized access even if a password is compromised.

2FA Enforcement and Multiple Accounts

It's common for users, especially agencies or consultants, to be members of multiple AhaSend accounts. The 2FA enforcement setting is specific to each individual account.

Here's how it works if a user is part of several accounts:

  • If Account A has 2FA enforcement enabled, and Account B does not:

      ◦ The user will need to have 2FA enabled on their profile to access Account A. When they log in and select or try to access Account A, they will be required to use their 2FA code (or set it up if they haven't).

      ◦ However, the user can still access Account B without having 2FA enabled on their profile, because Account B does not have enforcement turned on.

This means that enabling 2FA enforcement on one account does not automatically force a user to enable 2FA to access other accounts they are members of, unless those other accounts also have 2FA enforcement enabled. The requirement applies only when accessing an account where the owner has specifically turned on the enforcement setting.
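The access rule described in "What Happens When Enforcement is Enabled?" and the per-account scope described just above, written out as a small policy model. This is an added illustration, not AhaSend's own code or data model; the User and Account classes, the status strings and the ownership check are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Illustrative models only (assumption): AhaSend's real data model is not shown here.


@dataclass
class User:
    name: str
    has_2fa: bool = False   # 2FA enabled on the user's own profile


@dataclass
class Account:
    name: str
    owner: User
    members: set = field(default_factory=set)   # member names; owner is added below
    enforce_2fa: bool = False                   # enforcement is a per-account setting

    def __post_init__(self):
        self.members.add(self.owner.name)


def enable_enforcement(account: Account, actor: User) -> str:
    """Turn on 2FA enforcement for one account.
    Only the owner may do this, and only once the owner's own profile has 2FA."""
    if actor is not account.owner:
        return "not_owner"          # admins and other members cannot enable it
    if not actor.has_2fa:
        return "owner_lacks_2fa"    # prerequisite: owner enables 2FA first
    account.enforce_2fa = True
    return "enabled"


def check_access(user: User, account: Account) -> str:
    """Decide what happens when a user opens an account's dashboard.
    'allow'                 -> normal access
    'redirect_to_2fa_setup' -> enforcement is on and the profile lacks 2FA;
                               access stays blocked until setup is complete
    'deny'                  -> not a member of this account"""
    if user.name not in account.members:
        return "deny"
    if account.enforce_2fa and not user.has_2fa:
        return "redirect_to_2fa_setup"
    return "allow"
```

Because the check consults the account's own enforce_2fa flag, a user without profile 2FA is redirected on an enforcing account but still allowed into an account where enforcement is off.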

Why Enforce 2FA?

Enforcing 2FA across your team isn't just about following a security trend; it's a practical step to protect your critical email infrastructure and data.

  • Prevents Unauthorized Access: Even if a team member's password is stolen or guessed, the attacker would still need the second factor (the 2FA code) to gain access, which is highly unlikely without physical access to the team member's device.

  • Protects Sensitive Data: Your AhaSend account contains important data about your email activity, recipients, and potentially sensitive configurations. 2FA enforcement helps keep this data safe.

  • Maintains Sending Reputation: Unauthorized access could lead to misuse of your account for sending spam, which would severely damage your domain's sending reputation and affect your legitimate email delivery.

  • Compliance: For some businesses, requiring 2FA is a part of meeting industry regulations or compliance standards.

By requiring all team members to use 2FA, the account owner creates a stronger security posture for the entire account, reducing the risk associated with individual user accounts.

If you are the account owner, enabling 2FA enforcement is a simple yet powerful way to enhance the security of your AhaSend account and protect your team's access. Remember to enable 2FA on your own profile first, then navigate to your account settings to turn on enforcement for the team.

For any questions about 2FA or account security, please visit our Help Center or contact our support team.
