Require Two-Step Verification (MFA)

Karl Falconer · Updated

Two-step verification (MFA) adds a one-time code to the email/password sign-in, so a password alone isn’t enough to access your DropStream account. When it’s on, every user enters a 6-digit code after their password — emailed to them by default, or generated by an authenticator app if they’ve added one. You turn this on for the whole account from the User/Password authentication source.

Note: Only DropStream account administrators can change authentication source settings. New accounts have two-step verification enabled by default.

How two-step verification works

  • The code is emailed by default, so users can sign in without any extra setup — email stays available as a backup, so no one gets locked out.
  • Each user can optionally add an authenticator app (Google Authenticator, 1Password, Authy, and similar) for a faster, offline code. Setup is per user, from their own Preferences — see Set Up an Authenticator App.
  • The requirement applies to every user on the account. Users can’t opt out, but they choose whether to add an authenticator app on top of the email code.

Require two-step verification for all users

  1. In the DropStream app header, click your user name and select Account Settings.

  2. Open the Authentication Sources tab.

    Authentication Sources list showing the Email/Password source with an MFA badge

  3. Click the edit (pencil) icon on the User/Password source to open the Edit User/Password panel.

  4. Under Security, turn on Require two-step verification (MFA) for all users.

    Edit authentication source panel with the Require two-step verification (MFA) toggle under Security

  5. Click Save changes.

The User/Password source now shows an MFA badge in the list, confirming the requirement is active. The next time each user signs in, they’re asked for a 6-digit code.

What your users will see

At their next sign-in, after entering their password, users land on a Two-step verification screen and enter the 6-digit code emailed to them. They can also select Trust this device for 30 days to skip the code on that browser for a month.

To use a faster, offline code instead of email, a user can add an authenticator app from their own Preferences. Walk them through it with Set Up an Authenticator App.

Turn off two-step verification

To stop requiring two-step verification, repeat the steps above and turn off Require two-step verification (MFA) for all users, then click Save changes. Users are no longer asked for a code at sign-in.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.