Two-Step Authentication (2SA) is an extra layer of security that protects your Unleashed account by requiring two forms of verification when you log in:
Something you know - your password
Something you have - a code from an authenticator app on your device
This makes it much harder for unauthorized users to access your account, even if they somehow obtain your password.
Important: All users of Unleashed accounts that were created before January 2025 are required to set up 2SA for their login, unless your account uses Access Evo.
How 2SA works
When you set up 2SA, you'll receive a unique secret key that connects to an authenticator app on your phone or computer. This app generates a new 6-digit code every 30-60 seconds. Each time you log in to Unleashed, you'll enter both your password and the current code from your authenticator app.
What you'll need
Before starting, make sure you have:
Your Unleashed email address and password.
A smartphone or computer to install the authenticator app.
An alternative email address (different from your Unleashed login email and cannot contain the "+" symbol).
Recommended authenticator apps
Choose one of these trusted authenticator apps:
Google Authenticator: Download Google Authenticator
Microsoft Authenticator: Download Microsoft Authenticator
Chrome Authenticator: Download Chrome Authenticator
Set up 2-Step Authentication
It can take between 2 to 10 minutes to set up your user's 2SA, depending on your experience with authenticator apps.
Tutorial video
2SA setup instructions
After you have initially set up your Unleashed user's email and password, you'll automatically be prompted to set up 2SA:
Download and install your chosen authenticator app. If you already use an authenticator app, you can simply add your Unleashed account to it.
Open your authenticator app.
Choose one option:
Scan QR code: Use your phone's camera, or a computer's click and drag highlighter, to scan the code displayed on screen.
Enter manually: Click "enter your key manually" and type the characters shown.
Your authenticator app will display a 6-digit code. Enter this code in Unleashed (codes are typically valid for 30-60 seconds).
Provide an alternative email address.
Click "Send Verification Code".
Check your alternative email's inbox for the verification code, and enter it in Unleashed (valid for 15 minutes).
Click "Got It" to finish the setup.
Tips for success
Keep your alternative email accessible, this is your backup when you can't access your authenticator.
Don't share authentication codes; they're unique to your account.
Consider your security needs before using "Remember me for 30 days".
Test the setup by logging out and back in after initial configuration.
Using 2SA
Once 2SA is set up, your daily login process will go as follows:
Go to Unleashed's login page.
Enter your email and password.
Open your authenticator app and enter the current 6-digit code.
Check "Remember me for 30 days" during the login process if you're on a trusted device, so that you are only required to authenticate your login every 30 days.
🤓 Tip: If you do not have access to your authenticator app, click on ""Lost your mobile device?" to receive a code via your alternative email instead.
Resetting your 2SA
If you lose access to your authenticator or need to set up a new device, your Account Owner can reset it.
As the Account Owner, go to Settings > System > Users.
Along the user's row, hover over the action cog.
Select "Reset 2SA".
The user will be prompted to set up 2SA again on their next login.
User scenarios
The table below outlines the ideal solution for using 2SA, depending on the user's typical account access.
Situation | Solution |
One User, using one device | Set up 2SA normally, and can use the "remember me for 30 days" option. |
One User, using multiple devices | Use the same authenticator app or alternative email for all devices. Google Authenticator recommended. |
One User with access to multiple accounts | Set up 2SA on the first account, and this will apply to all accounts your user has access to. |
Multiple Users sharing one device, e.g. a Warehouse computer. | Each user sets up their own 2SA and must log out between sessions. |
Generic user email addresses, e.g, sales@company.com, admin@company.com | The email custodian sets up 2SA with an agreed-upon alternative email address. |
📌 Note: See clauses 2.1, 3.6 and 8.2 of Unleashed’s Terms and Conditions, which reference User Licensing, access conditions, and subscription levels.
Frequently asked questions
What happens when I enter invalid authentication codes?
What happens when I enter invalid authentication codes?
Authentication codes are generated and are only valid for a limited time to ensure security. Authenticator app codes are generally valid for between 30 and 60 seconds. Authentication codes sent to your alternative email address are valid for 15 minutes. Sometimes you may enter a code that has already expired and you will be "challenged" to provide another code.
After 3 failed attempts, you will be offered the option of having the authentication code emailed to your alternative email address.
When I input my 6 digit code I get the message "Your authentication information is incorrect. Please try again."
When I input my 6 digit code I get the message "Your authentication information is incorrect. Please try again."
If you are receiving an error after inputting your 6 digit authentication code this could be related to the device's date and time. Make sure your device is set correctly by turning on the automatic time zone feature in your device settings.
How long does my session last before Unleashed logs me out?
How long does my session last before Unleashed logs me out?
Unleashed does not log you out after being idle for any period of time, but will be introducing session management at a later date to identify idle sessions and time them out.
How long does it take for my alternative email address verification email to arrive in my inbox?
How long does it take for my alternative email address verification email to arrive in my inbox?
The verification email for an alternative email address should arrive almost instantaneously. In the event you have not received it within a few minutes, please check your spam and junk folder, or contact support.
How can the alternative email address be changed?
How can the alternative email address be changed?
The alternative email address can only be set during your 2-Step Authentication (2SA) setup process. In order to change your alternative email address, you would need to set up your 2SA again. Your Account Owner will be able to reset 2SA for you by logging into their Unleashed, navigating to Settings > Security > Users, then hovering over the Action Cog at your Action column, and clicking on 'Reset 2SA'.
Once the Account Owner has reset 2SA for you, the next time you attempt to login to your Unleashed account, you will be prompted to set up your 2SA. And during the setup process, you will be able to enter the alternative email address you wish to use.