Multi-factor authentication is a helpful way to increase security, and we've now added the option to enforce MFA in the Couchdrop web app. 

It's important to note that enabling MFA does not restrict SFTP and FTP access, as it is only supported for the web app.

How MFA works in Couchdrop

Couchdrop supports MFA/2FA natively through an integration with Authy (by Twilio). All users can configure MFA in the Couchdrop Web App when they first log in to Couchdrop.  Authy supports SMS-based MFA and QR code authenticator apps like Microsoft Authenticator, 1Password, and Google Authenticator. 

If MFA wasn't configured during sign-up, users can add MFA or update settings in their user profile. 

Enforcing MFA 

As a new security option, Admins can now enforce the use of MFA in the admin panel. This is configured in the Security section under Password Policies. Check the Box to enforce MFA, which, when enabled, requires a user to configure MFA through SMS or an authenticator app before they can use the Couchdrop web app.