Protect your account with individual 2-step verification

  • Updated
  • Optimizely Feature Experimentation
  • Optimizely Full Stack (Legacy)
  • Optimizely Web Experimentation
  • Optimizely Performance Edge

Individual two-step verification increases the security of an Optimizely Experimentation account by adding a second level of authentication when signing in. Instead of relying only on a password, individual two-step verification requires you to enter a code that you access from your mobile phone. That way, you can rest easy knowing that the account is protected, even if your password is compromised.

Enable individual two-step verification

  1. Download and install an authenticator app for your phone. Currently, you can choose from Google Authenticator (Android, iOS, Blackberry), Duo Mobile (Android, iOS) or Microsoft Authenticator (Windows Phone).

    These apps generate secret codes for your phone every 30 seconds. When you log in to Optimizely Experimentation, you’ll need the most current code to gain access to your account.

  2. Enable individual two-step verification.

    In Optimizely Experimentation, navigate to Profile. Under two-step Verification, select Enable:

    Accounts-12.png

  3. Enter your Optimizely Experimentation password to confirm two-step verification and click Next.

    enable-individ-two-step.png

  4. Open the authenticator app from your mobile device and use it to scan the QR code generated by Optimizely Experimentation. This will link your account to your phone.

    Accounts-13.png

  5. Your phone’s authenticator app will generate a security code. Enter this security code in the Optimizely Experimentation field and click Next.

    Accounts-14.png

    If you are encountering an error where your authentication codes are showing as invalid, review the steps in the Troubleshooting section.

  6. Upon successful enrollment, a modal containing your backup codes displays. Save these in a safe place as you will need them in case you lose your phone or cannot access your authenticator app. Read the Backup codes section for more information.

Sign in 

After you enable individual two-step verification, enter a current security code from your authenticator app in addition to your password any time you sign in to Optimizely Experimentation.

  1. Sign in to Optimizely Experimentation using your username and password. Doing so prompts you to enter your security code. 

    Accounts-15.png

  2. Open your authenticator app on your mobile device. It generates a new security code every 30 seconds.
  3. Enter the current security code and click Verify before the code expires.

Backup codes

When you enable individual two-step verification, you are given a list of backup codes similar to these:

backup-codes.png

It's important to write down the codes generated for you and store them in a safe place. If you lose your phone or cannot access your authenticator app, you can use a backup code for one-time access to your account. After a code is used, it is no longer valid.

You can generate new backup codes by clicking Generate New Backup Codes under Profile > Preferences > 2-step Verification. This renders all older codes invalid.

Synchronize Google Authenticator

If after you scan your QR code and are inputting your authentication code in for the first time, or are returning to log in and noticing that your generated authentication codes are being flagged as invalid, it might be because of the time on your Google Authenticator app is not synchronized correctly.

To make sure that you have the correct time:

  1. Go to the main menu on the Google Authenticator app.
  2. Click Settings.
  3. Click Time correction for codes.
  4. Click Sync now.

On the next screen, the app confirms that the time is synchronized, and you should now be able to use your authentication codes to sign in. The synchronization only affects the internal time of your Google Authenticator app on your Android phone, and does not change your device's Time and Date settings.

Disable individual two-step verification

If you no longer want the extra protection provided by individual two-step verification, you can disable the feature in your Account Settings. Select Disable (instead of Enable), click Save, and enter your Optimizely Experimentation password when prompted.

Locked out?

If you are having trouble logging into your account using individual two-step verification, try the following steps in order:

  1. Use one of the backup codes generated during your initial sign-up.
  2. If you are using an authentication app such as Google Authenticator, check the app's time correction settings and re-synchronize the app if necessary.
  3. If you are still signed into Optimizely Experimentation (on another device, for example), turn off individual two-step verification within your Account Settings.
  4. Ask an administrator on your account to open a support ticket on your behalf. Provide the user's email address whose two-step verification is not working. If you are an administrator on the account and cannot log in, have another administrator file a support ticket on your behalf.

If these steps do not work, file an online ticket for support.