Email-based two-factor authentication (2FA) adds an extra layer of security to your Stora account by requiring a one-time verification code each time someone logs in.
This helps protect your account even if a password is compromised.
Who can enable 2FA?
Only the account owner can turn on two-factor authentication.
You’ll find the setting under: Settings → Security
Once enabled, it applies to everyone on the account, including the owner.
How it works
When 2FA is turned on:
A staff member enters their email and password as normal.
Stora sends a one-time verification code to their email address.
The staff member enters this code to complete their login.
A new code is required every time they log in.
What happens if someone enters the wrong code?
For security reasons, there is a limit on how many incorrect codes can be entered.
If the wrong code is entered too many times, the user will be temporarily locked out
The lockout lasts for 10 minutes
After 10 minutes, they can try logging in again and request a new code
This helps prevent unauthorised access or brute-force attempts.
Things to be aware of
Verification codes are sent to the email address associated with the staff account
Codes expire after a short time — if a code doesn’t work, request a new one
Make sure staff can access their email inbox when logging in
Need help?
If you or a team member are having trouble logging in with 2FA enabled, contact Stora Support and we’ll help you get back in securely.