Enabling and disabling two-factor authentication

Fastly supports two-factor authentication, a two-step verification system, for logging in to the web interface. In a two-factor authentication security process, users provide two means of identifying themselves to the system, typically by providing the system with something they know (for example, their login ID and password combination) and something they have (such as an authentication code). Organizations can enable company-wide two-factor authentication to require all users within the organization to use two-factor authentication.

Before you begin

You'll need to enter an authentication code regularly. Once two-factor authentication has been enabled, an authentication code will be requested upon login at least every 14 days for each computer and browser you use to access the Fastly web interface.

A mobile device is required. Using this security feature with a Fastly account requires a mobile device capable of scanning a barcode or QR code using a downloadable authenticator application. We recommend the following:

There are special requirements for using this feature with the API. If you enable two-factor authentication via the web interface, you will no longer be able to use a username and password when using the API. You must use the organization's API key for authentication.

Managing two-factor authentication as a user

Depending on whether or not your organization has enabled company-wide two-factor authentication, you may be able to enable and disable two-factor authentication for your personal account. We also have instructions for recovering access to your account if you lose your mobile device.

Enabling two-factor authentication

To enable two-factor authentication for your user account, follow the steps below.

  1. Log in to the Fastly web interface.
  2. From the user menu, select Account. Your account information appears.
  3. Click Manage your security settings from the Account Security area near the bottom of the page. The Account Security page appears.

    the account security 2fa setup page

  4. Click the Set Up button. The password verification screen appears.

  5. Verify your Fastly password and then click Continue. The authentication QR code appears.

    the 2fa QR code

  6. Launch the authenticator application installed on your mobile device and scan the displayed QR code or manually enter the key displayed in the setup window. A time-based authentication code appears on your mobile device. Depending on your device, however, a browser link may first appear. You need to click this link to save it. When you do, the words Secret saved appear briefly.

  7. In the Authentication Code field, type the time-based authentication code displayed on your mobile device.

  8. Click Continue. The confirmation screen appears along with your recovery codes.

    the 2fa recovery codes

After you enable two-factor authentication, logging in to your Fastly account will require your email address and password, and then an authentication code generated by the authenticator application you've installed on your mobile device. By default, the system requires you to authenticate your login using an authentication code at least every two weeks for each computer and browser you use to access the Fastly web interface.

Disabling two-factor authentication

Once two-factor authentication is enabled for your account, you can disable it at any time by following the steps below.

  1. Log in to the Fastly web interface.
  2. From the user menu, select Account. Your account information appears.
  3. In the Account Security area of the settings sidebar, click Manage your security settings. The two-factor authentication controls appear.

    the account security 2fa page with 2fa enabled

  4. Click Disable. The verification screen appears.

  5. In the Authentication Code field, type the time-based authentication code displayed in the authenticator application on your mobile device, then click Confirm and Disable.

What to do if you lose your mobile device

If you lose your mobile device after enabling two-factor authentication, use a recovery code to log in to your Fastly account. You can continue to use recovery codes to log in until you get your mobile device back. Each recovery code can be used only once, however, so remember to regenerate your list of codes to avoid running out before you recover your mobile device.

If you do not believe you will be able to recover your lost mobile device and you still have at least two recovery codes left, you can log in with one recovery code and disable two-factor authentication with a second code. Once two-factor authentication is disabled, you can re-enable it with a new mobile device at a later time and generate a new set of codes.

If your organization has enabled company-wide two-factor authentication, you can contact a superuser for your organization and ask them to reset your two-factor authentication.

Locked out of your account? See our article on what you can do about it.

Managing two-factor authentication as a superuser

If you are assigned the superuser role for your organization, you can view who has two-factor authentication enabled on the account tab in the Users area of your Account settings. Users with this feature enabled have padlocks displayed next to their names.

the padlock next to a user name indicates they have 2fa activated

To disable two-factor authentication for any user within your organization, select Disable 2FA from the menu that appears when you click the gear icon next to that user's name.

Managing two-factor authentication as a company

Organizations can enable two-factor authentication for all of their users. When the company-wide two-factor authentication feature is enabled, all users within the organization are required to use two-factor authentication to log in to the Fastly web interface, and they cannot disable two-factor authentication for their accounts.

Enabling company-wide two-factor authentication

Users assigned the superuser role can enable this feature on the Account page. To enable company-wide two-factor authentication for all users within your organization, follow the steps below.

  1. Log in to the Fastly web interface.
  2. From the user menu, select Account. Your account information appears.
  3. In the Customer Options area, select Yes from the Company-wide Two-Factor Authentication menu.

    company-wide 2fa settings set to yes

  4. Click Update Customer Options. A warning message appears.

  5. Click Continue. You will be logged out of the Fastly web interface. This completes the setup process for company-wide two-factor authentication.

Users who have not already enabled two-factor authentication for their accounts will be prompted to do so the next time they log in to the Fastly web interface.

Resetting a user's two-factor authentication

If company-wide two-factor authentication is enabled, and a user within the organization gets locked out of their account or needs to enable a new device, a superuser can reset the user's two-factor authentication. To reset a user's two-factor authentication, follow the steps below.

  1. Log in to the Fastly web interface.
  2. From the user menu, select Account. Your account information appears.
  3. In the Users area, click the gear icon next to a user and then select Reset 2FA. A warning message appears.
  4. Click Reset. The user will need to set up two-factor authentication for their account the next time they log in.

Disabling two-factor authentication for a single user's account

If company-wide two-factor authentication is enabled, a superuser can disable two-factor authentication for a single user's account. This is typically done for user accounts being used for scripts and session authentication. To disable two-factor authentication for a single user's account, follow the steps below.

  1. Log in to the Fastly web interface.
  2. From the user menu, select Account. Your account information appears.
  3. In the Users area, click the gear icon next to a user and then select Ignore 2FA. A warning message appears.
  4. Click Ignore. Two-factor authentication will no longer be required for the selected user.

Disabling company-wide two-factor authentication

A superuser can disable company-wide two-factor authentication. Once this feature is disabled, existing users within the organization will be able to manage their own two-factor authentication settings, and new users will not be required to set up two-factor authentication to log in to the Fastly web interface. To disable company-wide two-factor authentication, follow the steps below.

  1. Log in to the Fastly web interface.
  2. From the user menu, select Account. Your account information appears.
  3. In the Customer Options area, select No from the Company-wide Two-Factor Authentication menu.

    company-wide 2fa settings set to no

  4. Click Update Customer Options. A warning message appears.

  5. Click Continue. Company-wide two-factor authentication is now disabled.

