
Managing 2FA for Your Team in Goodshuffle Pro

Learn how to set up and manage two-factor authentication for your team, including requiring 2FA, handling lockouts, and generating backup codes for team members.

Written by Sierra Burton
Updated over 2 weeks ago

This feature is available on all Goodshuffle Pro Plans.

👥 Who this article is for

  • Account Owners and Admins managing a team of two or more people

  • Businesses where staff share devices or work from a shared office computer

  • Any account that has hit the $50,000 online payment threshold: 2FA is mandatory for all Admins and Account Owners and cannot be disabled.

The Golden Rule: One Login Per Person

This is the single most important thing for 2FA to work correctly in a team setting.

⚠️ Shared logins break 2FA

When multiple people share a single login, only one person receives the 2FA code when someone tries to log in. Everyone else gets locked out. This is not a bug — it's how 2FA works by design. Sharing logins also compromises security and accountability, making it difficult to track individual actions within the system.

The fix is simple: give every team member their own login.

  1. Go to Account Settings

    1. From your Dashboard, click Account in the left-hand menu

  2. Open Users / Subscriptions

    1. You'll see a list of current team members and available seats

  3. Invite a teammate

    1. Click Add User and enter their email address. They'll receive an invitation to create their own login.

  4. Assign a role

    1. Choose their role: Admin, Full User (Sales), Limited User (Crew), or Read-Only

💡 Tip: Temporary or seasonal hires

Add a monthly seat and deactivate it when they're done. Monthly seats can be added and removed without affecting your core subscription.


Requiring 2FA for Your Entire Team

As the Account Owner, you can require all team members to enroll in 2FA. The next time they log in, they'll be prompted to set it up before accessing the account. This requirement ensures that sensitive business data, payment information, and client contracts are protected.

  1. Enroll yourself first

    1. You must have 2FA active on your own account before you can require it for others

  2. Go to Account Settings → Security

    1. Look for the Require Two-Factor Authentication for your team toggle

  3. Enable it

    1. All team members will be prompted to enroll the next time they log in


What Happens When a Team Member Gets a New Phone

If a team member switches phones without transferring their authenticator app first, they'll be locked out.

If they still have their old phone

Have them follow the transfer steps in Manage 2FA Recovery & Setup before wiping the old device.

If they no longer have their old phone

As an Account Owner, you can generate a new recovery code for them:

  1. Go to the Subscriptions tab

    1. In your Account Settings

  2. Find the team member

    1. Click the three dots to the right of their name

  3. Click "Generate Backup Code"

    1. A new 16-digit recovery code will be displayed

  4. Share it securely

    1. Send it via a secure method — not public chat or unencrypted email. Remind them to save their new code after re-enrolling.

⚠️ Account Owners cannot generate a code for themselves

If you're the Account Owner and lost your own recovery code and phone, contact support via the blue chat bubble.


Shared Office Computers — How to Handle "Trust This Device"

If your team works from a shared office computer, "Trust this device for 30 days" can reduce friction — but only if used correctly.

✅ Safe to use "Trust this device" when:

  • The computer is in a locked office that only your team can access

  • The computer requires a password to log in

  • The specific browser profile is only used by one person

🚫 Do NOT use "Trust this device" when:

  • The computer is accessible to the public, clients, or delivery personnel

  • Multiple people use the same browser profile on the computer

  • The computer is in a common area like a warehouse floor or front desk

🔄 Important: the 30-day trust resets when:

  • The 30 days expire

  • Browser cookies or cache are cleared

  • Someone switches to a different browser, device, or uses incognito mode


Team 2FA Quick Reference

Situation | Solution
Team member locked out — has old phone | Transfer 2FA to new phone (see: Manage 2FA Recovery & Setup)
Team member locked out — no old phone | Account Owner generates backup code: Subscriptions → three dots next to user → Generate Backup Code
Multiple people using one login | Create individual logins from Account Settings → Team Management
Need to require 2FA for the whole team | Account Settings → Security → Require Two-Factor Authentication for your team
Account Owner locked out, no recovery code | Contact support via the blue chat bubble (identity verification required)
Seasonal/temp hire needs access | Add a monthly seat, deactivate when no longer needed


Need Additional Support? Click the blue chat bubble in the bottom corner of your screen to message our support team—we’re happy to help!
