Tracker offers the added login security of Two-factor authentication at the user Profile level for all customers, including the 30 Day Trial, Free, Startup, Standard and Enterprise plans.
Two-factor authentication (2FA) is a process that adds an extra layer of security to your login, by asking you to verify your identity using authentication codes from an app on your phone. When you enable this process, every time you log into Tracker, you will be asked to enter a code from the app on your phone.
Enabling Two-factor authentication
- Select your username or avatar at the top right of Tracker, then choose Profile from the drop-down menu.
- Select the Security tab from the top navigation menu, then select Enable Two Factor Authentication.
- On the following page you’ll be provided with recovery codes that you can either download or print. Please store these codes in a secure location (not on your 2FA device) and treat them like a password. Each code can only be used once. If you lose your device, you will need these recovery codes to access your account. Without these codes, we may not be able to recover your account.
- If you haven’t already, please download a 2FA application to your device (there are many options to choose from), which will allow you to scan the QR code provided on this page (if scanning’s not working, use the provided text/code instead). Once scanned, the 2FA application on your device will be linked to your Tracker login.
- To continue enabling 2FA for your login, enter the authentication code provided on your device in the provided field, which upon successfully entering, will enable 2FA and send a confirmation email.
Disabling Two-factor authentication
- Select your username or avatar at the top right of Tracker, then choose Profile from the drop-down menu.
- Select the Security tab from the top navigation menu, then select Disable Two Factor Authentication.
- You will be prompted for your Tracker password, which upon successfully entering, will disable 2FA and send a confirmation email.
Enforcing Two-factor authentication (account level)
Because Tracker logins can own, administer and/or be members of unlimited Tracker accounts, it’s not possible to explicitly enforce 2FA to all members of a given account. That said, account owners and admins have visibility into whether or not each member of their account has 2FA enabled via the Account Members report. You can then use the report to manually enforce 2FA by communicating with any users that still have not enabled it.
To access the Account Members report (account owner & admins only):
- Click Accounts under your username or avatar at the top right of Tracker.
- Select Manage Account for the account you wish to manage membership for.
- Click the Account Members tab, listed just above the listed plans.
- Click the Export Members CSV button, just to the left of the Add Member button.
Two-factor authentication on mobile apps
Our mobile apps (iOS and Android), now support two-factor authentication. If you enable 2FA in the web application, you will now be required to enter your authenticator code when signing in to the mobile apps.
Password reset
If you’ve forgotten your password, you’ll need to use the Forgot password link on the sign in page, and enter your email address. Click the link in the password reset email where you’ll first need to enter your 2FA authentication code before setting a new password.
Login recovery
If you’ve lost your device, and no longer have access to your chosen 2FA application, it would be necessary for you to use one of the recovery codes that you previously downloaded or printed during the enablement process. You will find a link at the bottom of the Two Factor Authentication form under “Need help”, which will allow you to enter a code.
In the unfortunate event that the authentication codes were also lost, you can request a reset of your authentication settings by emailing the Tracker Support team from the email address associated with your Tracker login. For security reasons, this can take 3-5 business days. Depending on the specific circumstances, we may or may not be able to process your request.