6_4ee4f2.png)
Two-Factor Authentication
How to set up 2FA on shookout — authenticator app, SMS, backup codes, and how to recover access if you lose your device
What is 2FA and why it matters
Two-Factor Authentication (2FA) adds a second verification step to your login. Even if someone obtains your password, they cannot access your account without the second factor — a code from your phone or authenticator app.
When you log in with 2FA enabled:
- Enter your email and password as usual
- The system asks for a 6-digit code
- Enter the code from your authenticator app or SMS
- Access is granted
2FA protects your account even if your password is leaked or guessed. It is especially important for sellers — your earnings balance is only accessible through your account.
Available 2FA methods
Authenticator App
Generates 6-digit codes locally on your device, refreshing every 30 seconds.
- Most secure method
- Works without internet
- Free
- Recommended
SMS
A 6-digit code is sent to your phone number as a text message.
- No app required
- Easy to set up
- Vulnerable to SIM-swap attacks
- Does not work without signal
Backup Codes
One-time codes for emergency access when your primary device is unavailable.
- Always work
- No device needed
- 10 codes, each single-use
- For recovery only
Recommendation: Use an authenticator app as your primary method and save backup codes in a secure location. SMS can serve as a fallback.
Setting up an authenticator app
Step 1: Install an authenticator app
Any TOTP-compatible app works. Popular options:
- Google Authenticator — free, simple, iOS & Android
- Microsoft Authenticator — iOS & Android, supports cloud backup
- Authy — iOS, Android, Desktop, multi-device sync
- 1Password — best if you already use a password manager
Step 2: Enable 2FA in your account
- Open My Account → Password & 2FA
- Find the Two-Factor Authentication section
- Click Enable 2FA
- Select Authenticator app
- Enter your current password to confirm
Step 3: Scan the QR code
- A QR code appears on screen
- Open your authenticator app and tap + or Add account
- Select Scan QR code and point the camera at it
- shookout.com appears as a new entry in the app
If you cannot scan the QR code, click Enter code manually beneath it, copy the secret key, and enter it manually in the app. Set the type to Time-based.
Step 4: Verify and confirm
- Find the shookout.com entry in your app — it shows a 6-digit code that refreshes every 30 seconds
- Enter this code on shookout and click Confirm
- 2FA is now active
ℹ️ If the code is not accepted, check that your phone's time is set to automatic sync. An incorrect system clock produces wrong codes.
Step 5: Save your backup codes
- After confirming, a list of 10 backup codes is shown — this is the only time they are displayed in full
- Click Download codes to save a .txt file, or copy them manually
- Store them securely — see the Backup Codes section below
Critical: Without backup codes and without your phone, you will be locked out of your account. Save them now before leaving this screen.
Setting up SMS 2FA
- Open My Account → Password & 2FA
- Click Enable 2FA and select SMS
- Enter your phone number in international format (e.g. +15551234567)
- Click Send code — a 6-digit code arrives by text
- Enter the code and click Confirm
- Save your backup codes
SMS limitations to be aware of:
- Delivery can take 1–5 minutes
- May not work abroad or in roaming
- Vulnerable to SIM-swap attacks — do not rely on SMS as your only 2FA method
Logging in with 2FA
Standard login
- Go to shookout.com and click Log in
- Enter your email and password
- When prompted, open your authenticator app and enter the 6-digit code
- Click Confirm — you are in
Remember this device
At the 2FA prompt you can check Remember this device for 30 days. The code will not be required again on this device for 30 days. New or unrecognised devices always require a code.
To manage trusted devices go to My Account → Devices — you can see all trusted devices and remove any of them.
Logging in with a backup code
- At the 2FA prompt click Use backup code
- Enter one of your saved codes
- The code is consumed and can no longer be used
Each backup code is single-use. When you have 2–3 remaining, generate a new set before they run out.
Backup codes
Backup codes are emergency one-time codes for situations where your primary device is unavailable — lost phone, dead battery, phone reset, or no mobile signal.
Code format
- 10 codes included, format
XXXX-XXXX - Letters and digits, case-insensitive
- Each code is single-use
Where to store backup codes
Safe options:
- A password manager (Bitwarden, 1Password, etc.)
- An encrypted note or file
- Printed and stored in a safe place at home
Avoid:
- Unprotected notes on your phone
- Plain text files on your desktop
- Email drafts or screenshots in your gallery
- Unencrypted cloud storage
Generating new backup codes
- Open My Account → Password & 2FA
- Find Backup codes and click Generate new codes
- Confirm the action — existing codes are immediately invalidated
- Save the 10 new codes
Tip: Refresh your backup codes every 6–12 months, or immediately after using one for recovery.
Managing 2FA
Adding a second method
- Open My Account → Password & 2FA
- Click Add method and select SMS
- Follow the SMS setup steps above
Disabling 2FA
- Open My Account → Password & 2FA
- Click Disable 2FA
- Enter your password and a valid 2FA code to confirm
Disabling 2FA significantly reduces your account security. Not recommended, especially for sellers.
Recovering access
Lost your phone?
Option 1 — Backup code: at the 2FA prompt click Use backup code, enter a saved code, log in, then immediately reconfigure 2FA on your new device and generate fresh backup codes.
Option 2 — SMS (if set up): at the 2FA prompt select Receive code by SMS.
Option 3 — Contact support: if you have neither backup codes nor SMS access, click Can't log in on the login page and select Issue with 2FA. You will need to provide identity verification. The support team responds within 24–48 hours — the recovery process may take several days.
Changed your phone number?
- Log in using your authenticator app or a backup code
- Open My Account → Password & 2FA
- Find the SMS method and click Change number
- Enter your new number and verify with the code sent to it
Resetting your phone?
A factory reset deletes your authenticator app and all its entries. Before resetting:
- Make sure your backup codes are saved and accessible
- Use Authy or Microsoft Authenticator — both support cloud backup so your entries are not lost on a reset
- After resetting, reconfigure 2FA from My Account → Password & 2FA
Frequently Asked Questions
Is 2FA required on shookout?
It is not mandatory, but strongly recommended — especially for sellers. Your account controls your earnings balance.
Can I use one authenticator app for multiple accounts?
Yes. You can add as many accounts as you like to a single app — each appears as a separate entry.
What if the code is not accepted?
Check that your phone's clock is set to sync automatically. An incorrect system time produces invalid codes.
Can I use 2FA on multiple devices?
Yes — scan the same QR code on multiple devices, or use Authy which syncs across devices via cloud backup.
What if I lost my backup codes and still have account access?
Go to My Account → Password & 2FA → Backup codes → Generate new codes immediately.
Is cloud backup in the authenticator app safe?
Yes, provided your authenticator account itself has a strong password and 2FA enabled. Authy and Microsoft Authenticator both offer this.
Do I need to enter a code on every login?
Not on trusted devices — checking Remember this device for 30 days skips the code prompt for 30 days.
Support asked for my 2FA code — is that normal?
No. Real shookout support will never ask for your 2FA codes or password. Anyone asking is a scammer.
Protect your account now
Setting up 2FA takes under 5 minutes and protects your account and earnings.
Enable 2FA