Two-factor authentication (also known as 2FA) increases the security of your CrashPlan for Small Business environment by requiring users to provide additional verification before accessing the CrashPlan console.
Two-factor authentication uses the Time-based One-Time Password (TOTP) algorithm and a 160-bit secret key for each user. We tested the applications listed below, but any TOTP application should work.
- Two-factor authentication affects access to the CrashPlan console. It does not affect access to the CrashPlan app on user computers.
- To reset two-factor authentication for a user, you must sign in to the CrashPlan console as a CrashPlan for Small Business administrator. If you're not a CrashPlan for Small Business administrator, contact your organization's administrator.
Set up two-factor authentication
Users are required to set up their account the next time they sign in. Future sign-ins only prompt users to obtain the verification code from the Google Authenticator mobile app or Authenticator browser plugin.
Sign out to complete setup
Two-factor authentication will not prompt to complete setup until the user is signed out and attempts to sign in again. To sign out of your account, click the user profile icon in the top-right corner of the screen and select Sign out from the dropdown menu.
- Upon signing in to the CrashPlan console, the Set Up Two-Factor Authentication message appears.
- Using your authenticator, scan the QR code provided (see sample below) or manually enter the displayed code in your authenticator.
- In the Enter 6-digit verification code field, enter the verification code displayed in your authenticator mobile app or authenticator browser plugin.
- Click Sign In.
Reset two-factor authentication for lost, stolen, or new devices
If you've been using two-factor authentication, then need to reset it because a device is lost, was stolen, or you have a new device, follow the instructions below. Resetting two-factor authentication for a user invalidates the secret used to generate the user's TOTP, and prompts the user redo the initial configuration steps upon the next sign-in attempt.
Reset from the sign in page (recommended)
- Go to the CrashPlan console.
- Enter your username or email address.
- Click Don't have your code?
- On the next screen, enter your username/email and password and click Reset Two-Factor Authentication.
An email is sent to the email address associated with your user containing a one-time link to log in. After entering your username and password again, you'll be prompted to redo the initial configuration steps.
Reset from the web console (Administrators only)
- Sign in to the CrashPlan console.
- Select Users.
- Select a user.
- From the action menu in the upper-right, select Reset two-factor Authentication.
This invalidates the secret used to generate this user's TOTP and prompts the user redo the initial configuration steps upon the next sign-in attempt.
Two-factor authentication FAQ
Can I turn off two-factor authentication?
Two-factor authentication cannot be disabled for any reason. If you need to reset your two-factor authentication, see Reset two-factor authentication for lost, stolen, or new devices.
I don't have a smart phone to use for two-factor authentication
Two-factor authentication can be set up on other mobile devices as well (such as an iPad). Those who do not have a suitable device or want to use an alternative method to authenticate can install a browser plugin to display the two-factor authentication code in their browser. We tested Authenticator.
Do I have to use Google Authenticator for two-factor authentication?
While we only test on Google Authenticator and the Authenticator browser plugin, any Time-based One-Time Password (TOTP) application should work.
Can I set up two-factor authentication on multiple devices?
Yes. To set up, scan the QR code or manually enter the code presented when first setting up two-factor authentication on all the devices you want to use for authentication. Multiple devices should not be used to allow multiple users to log into a single account.
I'm getting an invalid code error when setting up two-factor authentication
There are a few reasons that an "invalid error code" might occur:
Setup is incomplete
If your login session expires before you complete setup, you'll be presented with a new code when signing in and the code you previously entered into your authenticator is no longer valid. To resolve:
- Remove the CrashPlan account previously added to your authenticator. Do not skip this step.
- Refresh the sign in page in your web browser and sign in again, if prompted.
- Scan the QR code or manually enter the code as a new account in your authenticator.
- Enter the verification code from your authenticator in the last step of the sign in screen.
Entering a code from a different account
If you have multiple two-factor authentication accounts set up in your authenticator, you might accidentally enter the code corresponding to a different account. Double-check the account associated with the code you are using and try again.
Device time is out of sync
If your device times are not accurate, the authentication process may fail. Check your device time at https://time.is/. If the device time is off, ensure the time is set automatically: