To improve security, rezStream Cloud uses Multi-Factor Authentication which will occasionally prompt you to verify the device you are working on and send you an email with a verification code when you sign in. This helps protect your account and data if your username and password are compromised, guessed, or exposed.
We understand that having to check your email every time you sign in would be cumbersome, so we have built this in such a way that with regular usage you should rarely see this screen.
You should expect to see it in the following cases:
- You are using a new device (phone, tablet, computer, etc.) to sign into rezStream Cloud.
- You are using a new browser to sign into rezStream Cloud.
- It has been more than a month since you used your current device or browser to sign into rezStream Cloud.
- You have recently cleared the cookies in your browser.
Multi-Factor Authentication (MFA) is a now common security mechanism that requires a user to provide two (or more) verification "factors" to gain access to an application. The different factors include:
- Something you know - typically your username and password
- Something you have - like your phone or a verification code that only you can get via your email or an app that you control that generates these codes
- Something you are - like a fingerprint, voice, or facial recognition
A user that can provide two (or more) of these factors when signing in dramatically reduces the chances that a hacker can access their account because while that hacker may get access to one factor (like a password), it is much more difficult for them to compromise the additional factors.
How does rezStream Cloud use MFA
rezStream Cloud will require MFA via a verification email when you sign into rezStream Cloud from a device that we don't recognize (as described above). In other words, a computer, phone, or tablet web browser that either you've never signed in from before or one that you haven't used in a long time. After you verify that it is really you signing in on this new device, we save some information about that device/browser so that we can recognize it when you sign in on that device in the near future.
So, if a hacker does compromise your username and password somehow, they couldn't sign in to your account because they will be attempting to access your account from a device that you've never used and therefore will require MFA to gain access.
CAUTION: If you are re-using the same password for both rezStream Cloud and your email (or any other applications), we strongly suggest you change all those re-used passwords immediately. It is strongly recommended that you have a unique password for every app you use to improve the effectiveness of MFA. You might want to consider using a "Password Manager" application to generate and securely store (and in most cases, auto-fill) these unique passwords.
What if I can't find the email with the code?
While we do our best to make sure our emails are delivered properly, sometimes even our messages may end up in your spam folder. If you still cannot find it in the spam folder it's possible that the email failed to send. In that case, you can click the Send New Code link under the timer.
If you still cannot find the message please contact our support team. They will be able to verify your access and help you sign in.
What if I can no longer access the email address on my account?
You will have to contact our support team if you no longer have access to your account's email address. They will be able to help you update your email address and regain access.
Why do I have to enter an authentication code every time I log in?
Please refer to our troubleshooting guide if you are prompted for authentication codes every time you log in.