Multi-factor authentication (MFA) protects your Smartling account by requiring a second verification step. When you attempt to log in, a verification code is automatically sent to your user email address. This code must be copied from your email to the empty field on the authentication page. This second step ensures your account remains secure, even if your password is compromised.
All new users have email-based MFA enabled by default. Once you successfully log in to Smartling, you have the option to switch to app-based MFA. You can change the type of MFA used for your account at any time through your Profile page.
How to log in with email MFA
- Go to dashboard.smartling.com
- Enter your user email address and password, and click Login.
- This is your user email address that the verification code will be sent to.
- Ensure this is an active user email address (meaning you have completed your Smartling account registration) and that you have access to the inbox to follow instructions.
- Check your user email inbox and find the email from Smartling. Copy the 6-digit verification code.
- The code is valid for 10 minutes.
- The code is valid for 10 minutes.
- Enter the verification code in the empty field in the Smartling authentication page and click Submit.
- Once authentication is successful, you won't need to complete the two-step verification on this browser for 30 days.
How to switch to app-based MFA
Instead of using the default email-based MFA, you can switch to app-based MFA with a free one-time password (OTP) tool, such as Google Authenticator or FreeOTP.
To enable app-based MFA:
- Go to dashboard.smartling.com and log in to Smartling as you do normally.
- This may require you to use email-based MFA for the purpose of initial log in.
- Click the dropdown menu next to your name and select Edit Profile.
- Under Multi-factor Authentication Type, choose Authenticator App from the dropdown menu.
- A pop-up window will appear asking you to Confirm the MFA Change.
- After clicking Confirm, you will be logged out, and a verification code will be sent to your email. This security step ensures the change is verified.
- Check your user email inbox for the email from Smartling. Copy the 6-digit verification code.
- The code is valid for 10 minutes.
- The code is valid for 10 minutes.
- Enter the verification code on the Smartling authentication page and click Submit.
- You will then be directed to the Multi-factor authentication page.
- Open your authentication app and scan the QR code or enter the key manually. Then, enter the authentication token generated by the app and click Submit.
- Next, you will see your list of backup codes, which you can Copy for safekeeping.
Be sure to store these recovery codes in a secure location in case your authentication device is lost or stolen.
- Click Complete.
- You will now see Authenticator App listed under Multi-factor Authentication Type on your Profile page.
- You will now see Authenticator App listed under Multi-factor Authentication Type on your Profile page.
- The next time MFA is required, you will be directed to enter a one-time code generated from your authenticator app.
Important Considerations
Every 30 days
When you complete the MFA process, an authentication cookie is set in your browser. This cookie remains in your browser for 30 days. This means that you will only have to complete the MFA verification process every 30 days, if you do not clear your browser cookies.
If you clear your browser cookies, you will need to complete the MFA verification to log in to Smartling.
If you use a different browser or different device, you will have to complete the MFA verification process on the new browser/device.
Verify in 10 minutes
The one-time verification code that is automatically sent to your login email address is valid for 10 minutes. This means you have 10 minutes to use the authentication code provided.
If more than 10 minutes have passed since the verification code was sent, you must request a new code by clicking Resend on the authentication page.
5 Attempts
You have 5 attempts to enter the correct and valid (unexpired) authentication code. If you make 5 unsuccessful attempts to authenticate, your account will be locked.
Locked Accounts
If your account is locked because of 5 unsuccessful attempts, you must wait 10 minutes before logging in again. Any login attempt made during these 10 minutes will restart the timer. Please wait for the complete duration to avoid extending the lockout period. After 10 minutes pass, you can resend a new code and reattempt verification.
2 Resends per minute
Resending a verification code more than twice per minute will disable the resend button. If the two resends failed, you must wait 30 seconds to resend another code. After 30 seconds pass, you can resend a third code and reattempt verification.
Shared accounts
Smartling strongly advises against sharing login credentials. Not only could this lead to security breaches, but it also prevents the shared users from maximizing the benefits of Smartling, such as personal email notifications, custom dashboards, user action history, etc.
As a part of standard security practices, Smartling periodically enforces password resets every 90 days. Shared accounts will often encounter issues with the password reset process, as one user may not know the new password and attempt to reset it again.
This ultimately leads to delays in work.
There is no limit to the number of users you can have on an account. We strongly recommend adding each individual user to Smartling to reduce risk of security breaches, authentication issues, or delays in work. If you do use a shared alias and encounter issues with MFA please see our FAQ here on how to address this.
FAQ
Why do I now need to log in with MFA?
Smartling has introduced MFA to enhance user account security by addressing common threats like phishing attacks, credential stuffing, and account takeovers. MFA is an additional security layer that mandates users to provide multiple pieces of evidence or factors during the login process to verify their identity. The first step is to provide something you know, like your username and password, and the second step requires verification with something you have in your possession, such as a unique verification code sent to your email.
I didn't receive the verification email. What do I do?
The verification email is sent from the same email address as all email notifications from Smartling, <noreply@smartling.com>. If you do not receive emails from Smartling:
- Ensure <noreply@smartling.com> is a safe sender in your email.
- Check your spam folder for the verification email from Smartling.
- If your inbox has automated rules for emails from Smartling, ensure to check the folder where these emails typically go.
- Contact your IT team to troubleshoot unblocking the emails from your network.
If I access Smartling via the API or SSO, will I need to authenticate with MFA?
No. Currently, the only users who need to authenticate with MFA are those that log in with an email address and password.
What should I do if I can't access the inbox associated with my login email address?
The person in your organization that has access to the inbox will have to forward you the verification email within the 10-minute window. We recommend contacting the person who supplied you with the email address before you attempt to log in, so they are aware and are ready to forward you the verification code. For example, if you received your login email address from a translation agency, please contact the agency for help accessing the inbox and verification code.
I've switched to app-based MFA, can I go back to using email-based MFA instead?
Yes, you can change the type of MFA for your account at any time through your Profile page. Simply click the dropdown menu and select the MFA type you'd like to use. A pop-up window will appear, asking you to confirm the change. After confirming, you will be logged out, and a verification code will be sent to your email. This security step ensures the change is verified.
I've lost my MFA device for app-based MFA. What should I do?
If you no longer have access to your MFA device, you have two options:
- Use your recovery codes to log in. Once logged in, change your MFA type to Email on your Profile page. Then, you can follow the steps above to switch to app-based MFA using a new device.
- If you've also lost your recovery codes, contact Smartling Support for assistance.
Tip: If you encounter authentication issues not covered in this article, contact Smartling Support.