Which authenticator apps are supported?

Any app that supports TOTP (Time-based One-Time Passwords) works. Google Authenticator, 1Password, Authy, Microsoft Authenticator, and Bitwarden are all tested and compatible.

What if I lose my phone?

When you enable 2FA, you receive 10 one-time backup codes. Each code can be used exactly once to sign in without your authenticator. Store them somewhere safe (password manager, printed copy in a secure location).

Can I require 2FA for my entire team?

Organization owners and admins can see which members have 2FA enabled. While individual enforcement policies vary by plan, all team members are encouraged to enable 2FA, and it's available at no extra cost on every plan.

Does 2FA apply to the talent approval portal too?

The talent approval portal uses access codes as its authentication mechanism, which is separate from team member 2FA. Talent accesses their approval gallery through a unique, time-limited code rather than a username/password.

How often do I need to enter my 2FA code?

You'll enter your 2FA code each time you sign in to a new session. Active sessions remain valid until you sign out or the session expires, so you won't be prompted repeatedly during normal use.

Is there an extra cost for 2FA?

No. Two-factor authentication is included on all plans, including the free tier. We believe security shouldn't be a premium feature when you're protecting sensitive production assets.

Two-Factor Authentication

Name: Two-Factor Authentication
Brand: ReelStorage
Availability: InStock

A second lock on every account, because passwords alone aren't enough

Get Started Free

Schedule a Demo

By the Numbers

TOTP

Method

Backup Codes

Free

Cost

How It Works

Enable 2FA in settings
Open your account settings and select Enable Two-Factor Authentication. You'll see a QR code to scan.
Scan with your authenticator
Use any TOTP-compatible app (Google Authenticator, 1Password, Authy) to scan the QR code and link your account.
Save backup codes
Store your 10 one-time backup codes somewhere safe. Each code works exactly once in case you lose access to your authenticator.
Verify on every sign-in
After entering your password, you'll be prompted for a 6-digit code from your authenticator app before access is granted.

Perfect For

Film production under NDA

Studios handling unreleased content require every team member to authenticate with 2FA before accessing production stills. Prevents unauthorized access even if a password is compromised.

Required for NDA compliance

Agency managing celebrity assets

PR agencies working with high-profile talent need assurance that only verified team members can view and distribute photos. 2FA adds a verified identity layer to every session.

Zero unauthorized access

Distributed teams across time zones

When your team signs in from different locations and devices, 2FA ensures that stolen credentials can't be used to access the account from an unknown device.

Works on any device

Manual vs Automated

Task	Manual	Automated	Improvement
Protect against stolen passwords	Hope nobody reused a password from a breached site	Second factor blocks unauthorized access	99.9% of attacks prevented
Verify team member identity	Trust the password	Require authenticator code at every sign-in	Verified identity
Recover from lost device	Contact support, prove your identity, wait	Use one of 10 backup codes instantly	Self-service recovery

Protect against stolen passwords

Manual

Hope nobody reused a password from a breached site

Automated

Second factor blocks unauthorized access

Improvement99.9% of attacks prevented

Verify team member identity

Manual

Trust the password

Automated

Require authenticator code at every sign-in

ImprovementVerified identity

Recover from lost device

Manual

Contact support, prove your identity, wait

Automated

Use one of 10 backup codes instantly

ImprovementSelf-service recovery

Key Benefits

TOTP

based 2FA compatible with any authenticator app

Backup codes for account recovery if you lose your device

Session management to review and revoke active sessions

Available on all plans at no extra cost

Production

grade security for NDA-protected content

Two-factor authentication

Imagine this: thousands of unreleased production stills leak online. The root cause? A single compromised password on a shared drive. No second factor, no session monitoring, no way to know who had accessed what.

You can't afford that kind of exposure.

Why passwords aren't enough

If you work in entertainment, your photo library contains unreleased content, embargoed stills, and images of talent who have contractual control over their likeness. A password is a single point of failure. People reuse passwords. People fall for phishing. People write passwords on sticky notes.

Two-factor authentication means that even if someone gets your password, they still can't sign in without the 6-digit code from your authenticator app. It's the same approach banks, hospitals, and government agencies use for sensitive data.

ReelStorage includes 2FA on every plan because security shouldn't be gated behind an enterprise paywall.

How 2FA works in ReelStorage

The setup takes about 60 seconds:

Go to Settings in your account
Click Enable Two-Factor Authentication
Scan the QR code with your authenticator app
Enter the 6-digit code to confirm the link
Save your backup codes

From that point forward, every sign-in requires both your password and a fresh code from your authenticator. The code changes every 30 seconds, which means a stolen code is useless within a minute.

TOTP: the industry standard

ReelStorage uses TOTP (Time-based One-Time Passwords), the same standard used by GitHub, Google, and AWS. This means you can use whichever authenticator app you already have:

Google Authenticator
1Password
Authy
Microsoft Authenticator
Bitwarden

No proprietary app required. No SMS codes (which can be intercepted through SIM swapping). Just a proven cryptographic standard that generates offline codes on your device.

Backup codes: your safety net

When you enable 2FA, ReelStorage generates 10 one-time backup codes. Each code works exactly once. If you lose your phone, break it, or switch devices without transferring your authenticator, these codes let you sign back in and reconfigure 2FA.

Store them somewhere you won't lose them:

In your password manager
Printed and stored in a secure location
In an encrypted note

If you've used all your backup codes and lose your device, you'll need to contact support to verify your identity and regain access.

Session management

2FA works best alongside good session hygiene. Your account settings show all active sessions, including the device, location, and when the session started. If you see something unfamiliar, you can revoke that session immediately.

This is particularly useful for:

Shared workstations at a production office
Traveling team members who sign in from hotel or airport Wi-Fi
Post-project cleanup when you want to ensure no lingering sessions exist

Security for production environments

Productions handling NDA-protected content operate under strict security requirements. Distributors like Netflix, Amazon, and Apple have specific guidelines for how production materials should be stored and accessed.

2FA is a baseline requirement for most of these security frameworks. With ReelStorage, every team member can enable it at no extra cost, which means you're not choosing between security and budget.

What 2FA protects against

Credential stuffing: Automated attacks using leaked password databases
Phishing: Fake login pages that capture passwords but can't capture future TOTP codes
Password reuse: When the same password is used across multiple services and one gets breached
Unauthorized device access: Someone who borrows or steals a laptop can't sign in without the authenticator

What 2FA doesn't replace

2FA is one layer in a security stack. It works alongside role-based permissions (controlling what each person can do), activity logging (recording who did what), and proper access management (removing people when they leave). No single feature makes you secure; the combination does.

Free on every plan

We made a deliberate choice to include 2FA on all plans. If you're storing production photos, event stills, or any content that matters to your business, you should be able to protect it without upgrading to an enterprise tier.

Enable it today. It takes 60 seconds and it might save you from a very bad day.

Frequently Asked Questions

Ready to transform your workflow?

Join thousands of professionals using ReelStorage to manage their creative projects.

Get Started Free

Schedule a Demo