Contentstack
Changelog

Multi-Factor Authentication

Multi-Factor Authentication (MFA) is an essential security measure that adds an extra layer of protection to your Contentstack account. By requiring a second form of verification—typically a Time-based One-Time Password (TOTP) generated by an authenticator app—MFA reduces the risk of unauthorized access, even if your password is compromised.

We strongly recommend enabling MFA to safeguard your Contentstack account and its associated resources.

Note: Once MFA is enabled for a user, it cannot be disabled. Additionally, if your organization’s owner or admin enforces MFA, all users get prompted to set it up during their next login.

Enable MFA

To enable MFA, log in to your Contentstack account and perform the following steps:

  1. Click the "Profile" icon in the top-right corner of the dashboard and select Profile from the dropdown.
  2. Click the Security tab in the left navigation panel.
  3. Under Multi-Factor Authentication, click Enable.
  4. A modal window appears with a QR code. Open an authenticator app (e.g., Google Authenticator, Authy, 1Password, Microsoft Authenticator, or any authenticator app). Scan the QR code or manually enter the code displayed under it. Then, click Next.
  5. Enter the 6-digit code generated on your authenticator app.
  6. Click Verify to complete the setup.

Reset MFA

To reset your authentication method (e.g., switching to a new device or app):

  1. Go to your Profile > Security tab and click Reset MFA under Multi-Factor Authentication.
  2. Enter your current password when prompted and click Continue.
  3. A new QR code gets generated. Use your new authenticator app to scan the code or manually enter the secret key and click Next.
  4. Enter the latest 6-digit code from your new app and click Verify to finalize the update.

Note: If you lose access to your authenticator app or face issues with logging in to Contentstack, reach out to our support team for assistance.

Once enabled, you will be prompted to enter your password and a time-sensitive code from your authenticator app to access Contentstack.

More articles in "Authentication and Security"