2-step login verification
We strongly recommend customers to setup Google Authenticator as a backup in addition to providing a phone number for 2-step verification.
2-step login verification is a security feature that helps to protect your account against unauthorized access by requiring a numeric code to be entered in addition to your username and password.You can get the code via text message (SMS) or by generating one with the free Google Authenticator app, even if your device has no data or connectivity.
2-step verification only protects access to the web application and not your Git or Subversion access.
Enable 2-step verification
2-step verification is available for Beanstalk accounts of all plans and sizes. It's disabled by default, but you can enable it with a single click under Account > Security (you have to be the account owner). As soon as you enable it, Beanstalk will ask you to set up and verify your phone number. All users in your account will be asked to do the same next time they try to log in. It's important to make sure that everyone completes this process in order to keep the account secure. As an account owner, you can see a list of users who didn't set up 2-step verification on the Security page. You can activate and deactivate 2-step verification at any time.
All users that you invite to your account after 2-step verification is enabled will be required to enter their phone numbers when they accept the invitation.
Provide backup options
In addition to your primary phone number Beanstalk will ask you to provide a backup phone number. This way you can still access your account even if your phone is lost or inaccessible. If you choose to setup Google Authenticator as well you will have 3 ways to generate codes to avoid getting locked out of your account. We strongly recommend that you setup both backup options.
Setup Google Authenticator
Google Authenticator is a free app for iPhone and Android that can generate verification codes even when your device has no data or phone connectivity. To use Google Authenticator with your Beanstalk account, simply go to Profile Settings (by clicking on your name at the top right corner of any page) and follow instructions under Two-step Verification.
Remembering your computer
During login you will have an option to have us remember your computer for 30 days. This way you don't have to enter a verification code every time you want to access Beanstalk. This will apply only to the particular computer (and browser) where you select that option.It will be reset if you explicitly click Log Out in the application or use a different computer or web browser.
Beanstalk API and 2-step verification
2-step verification is not required for API requests. However, once 2-step verification is enabled, the API will prohibit usage of passwords for all API requests. All users will need to authenticate with an access token provided by Beanstalk. You can generate a token in your Profile Settings (click on your name at the top right, then go to Access Tokens).Make sure to transition all apps and services that use your Beanstalk credentials to connect over the API to use access tokens before enabling 2-step verification (like Tower App).