Authenticator App MFA And Email Sign-In Codes
Secure admin accounts with an authenticator app or a one-time code emailed at login, adding a strong second factor to the CMS.
Admin accounts now have a stronger second layer of protection at sign-in. You can pair an authenticator app for multi-factor authentication, or have a one-time code sent to your email each time you log in. Either way, a password alone is no longer enough to reach your CMS, which keeps content and settings safer if a password is ever lost or shared.
Two ways to add a second factor
Set up an authenticator app from your account settings by scanning a QR code or entering the setup key by hand, then confirming with a code from the app. Once enabled, you enter a code from your app at each login. If you do not use an authenticator app, the CMS emails you a one-time code to enter instead, so every account is covered.
A login flow built to be safe
The sign-in flow is hardened against guessing: codes expire, repeated wrong attempts are blocked, and a code can only be used once. Sign-in cookies are only set after the second factor succeeds. When you set up an authenticator app, you also receive recovery codes to keep in a safe place in case you lose access to the app.
Clearer authentication emails
Login code emails have been refreshed with consistent Basker branding, so the messages you receive at sign-in are easy to recognise and trust.