Set up two-factor authentication (2FA)

Administration

Available from 18.0.0

Needed permissions: owner or manage

If you want to extra secure your Piwik PRO account, you can turn on two-factor authentication (aka 2FA). 2FA means that you’ll need two steps to log in to your account: (1) your email and password and (2) a unique passcode generated by a 2FA app.

In this article, we’ll explain how to set up 2FA, how to use it and how to turn it off if you ever need to.

Before you start

Here are some things to know before you begin this process:

  • You’ll need to download a two-factor authentication app to your mobile device. It could be Authy, Duo Mobile, LastPass Authenticator and the like.
  • A two-factor authentication app will generate a one-time password (OTP). This OTP is a six-digit code that usually expires after 30 seconds.
  • You’ll always need your mobile device to generate the passcode. But if you can’t access your mobile device, you can use any of the backup codes you received when setting up your 2FA.
  • Two-factor authentication is turned on for the entire account by the account owner or individually by users. If turned on for the entire account, all users will need to use 2FA to log in.

Turn on 2FA for all users

Note: Only owners can turn on 2FA for all users.

To turn on 2FA for all users in your Piwik PRO account, follow these steps:

  1. Log in to Piwik PRO.
  2. Go to Menu > Administration.
  3. Navigate to Account.
  4. On the left, click Account settings.
  5. Turn on 2FA for all users.
    2FA in Piwik PRO
  6. This is it! 2FA is set across your entire Piwik PRO account. From now on, each time you and other users log in, you’ll be asked for your email, password and then for a six-digit one-time password.

    Note: Piwik PRO will log out all users after you turn on 2FA and ask them to set up 2FA when they try to log in again.

Set up 2FA on next login

If the owner has turned on 2FA on the Piwik PRO account you’re using, you’ll need to set up 2FA the next time you log in. 

To set up 2FA on your next login, follow these steps:

  1. Download an authentication app for your mobile device. Example: Authy, Duo Mobile, LastPass Authenticator and the like.
  2. Log in to Piwik PRO with your email address and password.
  3. On the next screen, you’ll see instructions and a QR code. Scan the code into your authentication app.
    2FA in Piwik PRO

    Note: If you can’t use a QR code scanner, you can enter the secret key shown below the QR code.

  4. The app will give you a six-digit code. Type it into the input field in Piwik PRO.
    2FA in Piwik PRO
  5. On the next screen, you’ll see a list of backup codes. Save and store them in a safe place because they are not available anywhere else.
    2FA in Piwik PRO
  6. Job done! From now on, when logging in, you’ll be asked for your email, password and then for a six-digit one-time password.

Reset 2FA for another user

Note: Only owners can reset 2FA for another user.

If your teammate loses or changes their mobile device and can’t log in to Piwik PRO, you’ll need to reset 2FA for them.

To reset 2FA for a user, follow these steps:

  1. Log in to Piwik PRO.
  2. Go to Menu > Administration.
  3. Navigate to Users.
  4. On the left, choose the user you want to reset 2FA for.
  5. In Reset two-factor authentication, click Reset.
    2FA in Piwik PRO
  6. Done! The user will now need to set up 2FA again on their new device.

Reset 2FA for yourself

Note: This only applies if 2FA is turned on for all users.

If you plan to change your phone or tablet with an authenticator app, be sure to reset 2FA and set it up again on the new device. This way you’ll keep access to Piwik PRO when you switch devices.

To reset 2FA for yourself, follow these steps:

  1. Get your old and new device ready.
  2. Download an authentication app for your new mobile device. Example: Authy, Duo Mobile, LastPass Authenticator and the like.
  3. Log in to Piwik PRO.
  4. Go to Menu > Profile.
  5. On the left, click Security.
  6. In Reset two-factor authentication, click Reset.
    2FA in Piwik PRO
  7. Open your authentication app on your currently connected mobile device to generate your six-digit code and enter it in Piwik PRO.
    2FA in Piwik PRO

    Note: If you can’t use your authentication app, you can use backup codes.

  8. On the next screen, you’ll see instructions and a QR code. Scan the code into your authentication app on the new mobile device.
    2FA in Piwik PRO

    Note: If you can’t use a QR code scanner, you can enter the secret key shown below the QR code.

  9. The app will give you a six-digit code. Type it into the input field in Piwik PRO.
    2FA in Piwik PRO
  10. On the next screen, you’ll see a list of backup codes. Save and store them in a safe place because they are not available anywhere else.
    2FA in Piwik PRO
  11. Voila! 2FA is set up on your new mobile device and you can use it to log in to Piwik PRO.

Turn off 2FA for all users

Note: Only owners can turn off 2FA for all users.

While we don’t recommend turning off 2FA, you can do so if you choose.

To turn off 2FA for all users, follow these steps:

  1. Log in to Piwik PRO.
  2. Go to Menu > Administration.
  3. Navigate to Account.
  4. On the left, click Account settings.
  5. Turn off 2FA for all users.
    2FA in Piwik PRO
  6. Done! From now on, users won’t need to use 2FA to log in to Piwik PRO. However, 2FA will continue to work for all users as long as they don’t turn it off in Menu > Profile > Security.

Turn on 2FA for yourself only

If your Piwik PRO account doesn’t have 2FA set globally, you can turn it on just for yourself.

To turn on 2FA for yourself only, follow these steps:

  1. Log in to Piwik PRO.
  2. Go to Menu > Profile.
  3. On the left, click Security.
  4. In 2FA via a mobile app, click Turn on.
    2FA in Piwik PRO
  5. On the next screen, you’ll see instructions and a QR code. Scan the code into your authentication app.
    2FA in Piwik PRO

    Note: If you can’t use a QR code scanner, you can enter the secret key shown below the QR code.

  6. The app will give you a six-digit code. Type it into the input field in Piwik PRO.
    2FA in Piwik PRO
  7. On the next screen, you’ll see a list of backup codes. Save and store them in a safe place because they are not available anywhere else.
    2FA in Piwik PRO
  8. All done! 2FA is set on your user account. From now on, when logging in, you’ll be asked for your email, password and then for a six-digit one-time password.

Turn off 2FA for yourself only

If you ever want to switch off 2FA just for yourself and 2FA is not set globally, you can do so with just a few clicks.

To turn off 2FA for yourself only, follow these steps:

  1. Log in to Piwik PRO.
  2. Go to Menu > Profile.
  3. On the left, click Security.
  4. In 2FA via a mobile app, click Turn off.
    2FA in Piwik PRO
  5. Enter the six-digit code from your authentication app to confirm the turn-off.

    Note: If you can’t use your authenticator app, you can use backup codes.

  6. Done! From now on, you won’t need to use 2FA to log in to Piwik PRO.

Was this article helpful?

Technical support

If you still have any questions, visit our community.
There’s always someone happy to help!

Back to help center