To add another layer of security to your Breww account, you can require that all users have 2-factor authentication (2FA) enabled, meaning that users will need a one-time code every time they log in, or an individual user can set this up to apply to their user login only.
A brewery admin can access this by heading to Settings → Users & security settings. At the bottom, you will see a section called Security settings, giving the option to mark Require all users to have two-factor authentication enabled. Check this box, and all users registered to the brewery account will now require a one-time code through an authentication app.
The next time a user logs in, they will be asked to scan a QR code with a 2FA token generator of their choice. We recommend Google Authenticator or Authy (but we’re compatible with most apps of this nature). Once you have scanned this, it will present a one-off token to type in.
This will enable you to access your account. Once in, there will be an option to Generate backup tokens. Backup tokens can be used instead of regular tokens generated using your authentication app. If you lose your phone and cannot load the standard time-based codes, backup tokens can be used to get back into your Breww account and re-set up 2FA on your new device. Each backup token can only be used once, so keeping these safe is essential!
You also have the ability to give the user a choice of whether they want 2FA on their user profile. They can do this by heading to their profile icon on the top right of the screen and selecting Profile. They can then choose Manage 2FA and follow the above principles!
If you currently have 2FA set up, but would like to turn this off, you can head to the Manage 2FA page and select Disable two factor authentication. If an admin has set to require all users to have 2FA enabled, an individual user will not be able to override this, and the admin would have to follow the steps under Require 2FA for all users, and uncheck the box.
Once you have selected to disable 2FA, you will be required to enter a final 2FA security token.