Getting Started with Shadow PC Gaming

Getting Started with Shadow PC Enterprise

Getting Started with Shadow Drive

Account Management

Authentication

My Information & Subscription

Payment

Contact Support

How does Two-Factor Authentication (2FA) work on Shadow?

Updated 

Shadow gives you the possibility to use two-factor authentication (2FA) to provide additional security to your account. Two-factor Authentication is optional and disabled by default on your account.

It adds a verification step whenever you are about to perform a security-sensitive operation.

On the other hand, single-factor authentication (password only) is easier to breach, making your account more vulnerable to malicious actors, phishing, and malware.

Is Two-Factor Authentication Required?

For now, Shadow doesn’t have any plans to make Two-Factor Authentication mandatory for accessing any of your services.

However, we strongly recommend enabling it to provide an additional security layer to your Shadow account.

Which actions require 2FA when it is enabled?

If you enable Two-Factor Authentication, it will be required whenever you need to log in to perform an action.

For example:

  • When you log into any of your services (Shadow Drive or Shadow PC)

  • When you update your password to recover your account.

Note: Enabling two-factor authentication (2FA) is unnecessary when changing your password directly within your Account Page (account tab) while already logged in.

How to set up Two-Factor Authentication?

You can set up one or several Two-Factor Authentication methods via your Account Page.

See below the methods available with Shadow and how to set them up:

Authenticator Mobile Applications with Time-based One-Time Password (TOTP):

These applications generate a code that changes every 30 seconds.

Examples of applications you can use:

Open the "Account" tab in your Account Page.

Navigate to the "Security Settings" section and click "Manage my Security Settings".

Click "TOTP Authenticator app".

Use your authentication app to scan the provided QR code or manually enter the secret code.

Input the first generated code from your authentication app into the corresponding field at the bottom to activate 2FA for your account.

On-device Authenticators & External FIDO2 Devices:

On-device authenticators (such as biometric sensors*1) and external devices (such as USB security keys) are using the WebAuthn protocol to provide secure and convenient authentication.


*1 Biometric sensors: Biometric sensors are a type of technology, either mechanical or electronic, that captures biometric data (such as the face, palm print, or iris) digitally and converts it into a biometric template. For instance, a device's camera can function as a biometric sensor for the face.

Your external device should be certified FIDO2 to be compatible with the WebAuthn protocol and work as a 2FA method on Shadow.

Examples of On-device Authenticators & External FIDO2 Devices:

Yubikeys

TouchID (iOS/macOS)

Set up your On-Device Authenticator or External Device.

Access the “Account” tab of your Account Page on Shadow.

Navigate to the "Security Settings" section and click "Manage my Security Settings".

Select "Hardware Tokens and Biometrics".

Specify a name for your "On-Device Authenticator" or "External Device" in the text field.

Click on "Add a secret key" and follow the step-by-step instructions displayed on your screen to finalize the setup.

Recovery Codes (How to plan a fallback solution if you loose access to your selected 2FA method(s))

The Recovery Codes are One-time use codes generated by Shadow that can be used to complete the second verification step when you loose access to your selected 2FA method(s).

We recommend to enable this feature and back up the codes in order to use them if you lose access to your selected 2FA method.

To ensure maximum security, we recommend to periodically re-generate those codes. To generate new codes, follow the instructions below.

Open the "Account" tab within your Shadow Customer Space.

Navigate to the "Security Settings" section and click "Manage my Security Settings".

Select "Manage your backup recovery code".

Click on "Generate new backup recovery codes" to generate a set of recovery codes.

Safely store the provided codes in a secure location.

Confirm and activate your backup codes by clicking on "Confirm backup recovery codes."

Note: If you forget to click the confirmation button, the backup codes won't work for the second verification step.

Note: Ensure you don’t run out of valid back-up codes when enabled.

How to disable Two-Factor Authentication

You can disable one or several 2FA methods on your Customer Space.

If no 2FA method is enabled, Two-Factor Authentication will be disabled.

Access the “Account” tab of your Account Page on Shadow.

Navigate to the "Security Settings" section and click "Manage my Security Settings".

Select "TOTP Authenticator App".

Click "Unlink TOTP Authenticator App".

Access the “Account” tab of your Account Page on Shadow.

Navigate to the "Security Settings" section and click "Manage my Security Settings".

Select "Hardware Tokens and Biometrics".

Click on “Remove.

Access the “Account” tab of your Account Page on Shadow.

Navigate to the "Security Settings" section and click "Manage my Security Settings".

Select "Manage your backup recovery code".

Click “Disable this method”.

FAQ

You won’t be able to log into your Shadow account if you loose access to all your authentication methods.

We invite you to contact Support in order to proceed with an identity verification.

We recommend to generate new Recovery Codes. You can also follow the instructions below to see your current Recovery Codes:

  • Access the “Account” tab of your Account Page on Shadow.

  • Navigate to the "Security Settings" section and click "Manage my Security Settings".

  • Select "Manage your backup recovery code".

  • Click “Reveal backup recovery codes”.

Still have questions after reading this article?

Check out our other articles or contact Shadow Support.