We highly recommend enabling Two-Factor Authentication (2FA) on your account for added security. Before proceeding, please read this entire article to fully understand how it works.
With 2FA enabled, your account will be more secure when logging in, updating personal details, or accessing sensitive data. An additional verification step will be required during login. Instead of just entering your credentials, you’ll also need to input a unique, one-time code sent to you via SMS. This ensures that even if someone obtains your password, they won’t be able to access your account without the verification code.
Two-factor authentication provides many business benefits, including improved security. By requiring a second form of identification, SMS-2FA decreases the probability that an attacker can impersonate a user and gain access to your computer, account, or other sensitive resources.
How do I enable 2FA?
1. Go to Admin> Login Users> 2FA Settings. If you have multiple users on your account this will work on a Per User basis so this will need to be enabled separately for each individual user.
2. Click "Setup 2FA", enter your password and "Confirm".
3. Press "Confirm" again to select Mobile number as your 2FA method.
4. Enter your country and mobile telephone number then click "Confirm":
5. You will receive a one-time password to your mobile with a six digit unique code. Please enter this code in the spaces provided then click "Verify". This step ensures you have entered the correct phone number.
Verification codes are typically delivered within one minute
If it doesn’t arrive within that time, you can click "Resend code" to try again.
Make sure your phone has a signal to receive the code successfully.
6. Select an option to download your backup codes. You’ll need to do this before you can finish the setup process.
What is a back up code and why is it important?
A backup code is a one-time use code that allows you to access your account if you’re unable to use your usual method of Two-Factor Authentication (2FA)—for example, if you lose access to your mobile device.
It's a safety net to ensure you can still log in securely, even if your primary 2FA method is unavailable.
Important: Store your backup code in a safe place. You'll need it to regain access if you can’t complete 2FA in the future.
7. Click "Complete setup". 2FA is now successfully enabled on your account.
8. Next time you login to SuperControl you will be sent a six digit code via text message which you will be required to enter to login.
1. Log into SuperControl using your username and password.
The next step is the security challenge where you would normally enter your six digit code. If you don't have access to your mobile phone click "Use backup code":
2. Enter one of your backup codes that you previously saved in a secure location and enter it in the space provided and click "Submit code". You should now be logged in successfully.
A back up code can only be used once. Once it has been used it will flag as being used so you know not to use it again. You will be provided with 16 unique back up codes. After all codes have been used, you’ll have the option to reset them and generate a new set—be sure to store the new codes somewhere safe.
If Two Factor Authentication (2FA) is enabled on your account this is where you will be prompted to enter an SMS code:
- When logging into your account.
- When changing any personal details in Admin> General details. i.e email, telephone number and address.
- When downloading your database in Admin> Maintenance> Download Database.
- When changing or adding a user login.
- When changing the phone number used for password reset and notifications.
- When changing security questions used for password reset.
SMS limits
Currently per user there is a limit of 6 SMS login codes that can be sent per hour. Once this limit has been exceeded you will need to wait 60 minutes before logging into your account again. This is to comply with security regulations.
Receiving your SMS
Your unique code being sent to your mobile device is reliant on telephone signal. You cannot receive the code without this. If you are unable to receive the SMS code, you can use one of the backup codes you have downloaded.
Ticking this option when logging in means we will remember the device and the browser you are using and we will not ask you to validate via SMS for another 30 days when logging into SuperControl. As long as nothing changes with your device / browser and our cookies remain.
Please note that we will prompt you to re-validate before the 30 days if you clear your cookies/cached data on your browser and device.
1. Go to Admin> Login Users> 2FA Settings
2. Click the bin icon next to your mobile number, enter your password and click "Delete":
