Two Factor Authentication has become a ubiquitous security feature and a must-have for many organizations. Nutshell’s lack of this feature was a deal breaker for many prospective customers, so adding support for it was a high priority. Developing the front end for this feature was the first major project at Nutshell I was assigned independently.
I worked with our product designer Hana who handed off the design spec for the feature, and after some back-and-forth, I knew exactly what the end product should look like. I also worked with Nico and Flavio, who implemented the backend functionality to support the feature.
With two-factor authentication enabled, users are prompted to verify themselves with a one-time code before logging in. Users can configure this code to be sent via text message or generated with a 2FA app such as Google Authenticator or Duo. Users are given a list of recovery codes after successfully configuring two-factor authentication. Each of these codes is for one-time use and can be used to regain access to the account if the usual two-factor authentication method is unavailable or lost. These codes can be regenerated at any time but are only presented once, so users are required to copy or print the codes before continuing. Administrators can enforce two-factor authentication for all accounts in the organization. If enabled, users will be required to configure 2FA the next time they log into Nutshell.