Set up Two-Factor Authentication

Smokeball offers Two-Factor Authentication (2FA) for increased security and peace of mind. Two-factor Authentication is the method for users to add additional security to their account by requiring  two separate, distinct forms of identification in order to access your account.

2FA Becomes Mandatory on October 31, 2025

Two-Factor Authentication will be required to log in to Smokeball from October 31, 2025 onward. Follow the steps in this article to set 2FA up.

Setting up 2FA

To get started with setting up 2FA, log in to the Smokeball Security Site: https://security.smokeball.co.uk/MFA 

Alternatively, you can access the Security Site from within Smokeball.

On the Smokeball Desktop App (for Smokeball Grow and Prosper+ firms):

  1. Select the Settings (gear) icon on the top-right corner to access Smokeball Settings.
  2. Select Staff & Users and double-click on the staff member's name.

  3. In the Edit Staff Member window, navigate to the Security section and click on Set up.

On the Smokeball Web App (for Smokeball Bill and Boost firms):

  1. Select the Settings (gear) icon and then select My Preferences. 

  2. Select Account Security.
  3. Select Enable 2FA.

 

Navigating the Smokeball Security Site

  1. Enter your Smokeball password.

  2. Follow the prompts in the 2FA setup wizard.

    image-20250910-224225.png

  3. Select your preferred method for 2FA, then select Next.

Setting up 2FA on an Authenticator App

You will be presented with some QR codes to download Google Authenticator for your device. Select Next if you already have an Authenticator app installed on your device.

You are not restricted to only Google Authenticator - other Authenticator apps such as Microsoft Authenticator will work too.

On your Authenticator app, choose the option to Scan a QR code. Point your device at the QR code on the screen, then select Next.

Enter the code displayed in your Authenticator app. Be quick, as the code will change to a new one after a short period.

Select Verify. If successful, you have completed setting up 2FA on your device. Continue the wizard to set up a Rescue Method.

Setting up 2FA on a browser extension authenticator

You will then be presented with some links to search for Authenticator browser extensions for your preferred browser.

You aren't restricted to only the named Authenticator extensions - other Authenticator extensions will work too.

Copy and paste the setup key into your extension, then select Next.

Enter the code displayed in your Authenticator extension. Be quick, as the code will change to a new one after a short period.

image-20250910-225040.png

Select Verify. If successful, you have completed setting up 2FA on your browser extension authenticator. Continue the wizard to set up a Rescue Method.

Setting up 2FA Rescue

Setting up a 2FA rescue method is mandatory in case you ever need to reset your authentication.

You must set up at least one of the following methods:

image-20250910-234159.png

Setting up your 2FA Recovery Phone Number

  1. Tick Recovery phone number.
  2. Enter your phone number in the field and select Add.

  3. You will receive an SMS text with a confirmation code. Enter the code and press submit. Select Edit if you need to change the phone number, or Resend code to receive a new confirmation code.

  4. You have now completed 2FA setup. You may also set up the rescue code recovery method, or select finish to complete the wizard.

Setting up your 2FA Recovery Rescue Code

The rescue code is another method for 2FA that can be used to recover and reset your 2FA account. Copy and save your rescue code in a secure location. You will not get another chance to see this code.

When you select I've saved my code, you will get a confirmation to double-check you have saved the code in a secure location. Select Yes, it’s safe to complete setting the Rescue Code recovery method.

You have now completed 2FA setup. You may also set up the phone number recovery method, or select finish to complete the wizard.

What to expect after setting up 2FA

Once 2FA has been enabled, you will now be required to verify yourself each time you log in to Smokeball (via desktop, billing or mobile).

2021_04_06_21_43_026.png

2FA will only be required when you are logged out of Smokeball. You will still be able to close and reopen Smokeball as normal without needing to log in. 

Smokeball is not accepting my code

If you are frequently experiencing an "Invalid Code" error when entering your verification code, ensure that the time on your mobile device and Windows/Mac device is in sync with global time. 2FA is sensitive to time differences, even by a few seconds. 

Recovering your 2FA

If you have lost access to your Authenticator App or browser extension authenticator, follow the steps below to reset your 2FA.

  1. On 2FA code entry, select Need help?

  2. Select your preferred recovery method. If you have only set up one method, you will be taken straight through to that method for recovery.

    • If you have set up a recovery phone number, we will send an SMS with a recovery code to the number you set up 2FA with.

    • Enter the code and select Verify. You will see the below confirmation message once complete. You must now proceed to set up your 2FA again before you can access Smokeball.

    • If you have set up a rescue code, enter it into the text box.

      image-20250911-000920.png

    • Select Verify. You will see the below confirmation message once complete. You must now proceed to set up your 2FA again before you can access Smokeball.

Good to Know

  • For security reasons, you are required to verify yourself every time you log in.
  • There is no option to remember your device.
  • You can view your colleagues' 2FA status in the staff and users tab, but their personal information will not be visible.
  • You must enable 2FA for yourself only.
  • We recommend using the Google Authenticator app for authentication, but any authenticator app will work.
  • You can stay logged in to your Smokeball session for up to 6 months. After this, you will be forced logged out and must log back in again to access Smokeball.
  • You will receive a notification seven days before the password expiry, prompting you to reset your password. If you fail to reset your password, you will receive a notification indicating that you are working offline and need to reset your password.
  • If you have lost your 2FA device or do not have access to the authenticator, contact our Support Team to regain access to your account.
Was this article helpful?
18 out of 45 found this helpful

Articles in this section