Skip to main content

Two-factor authentication (2FA) is now available in ftrack Studio 4.3 and ftrack Review. Below, our CTO Magnus Eklöv, takes a closer look at this new feature, how to use it, and why we’ve introduced it.

We’re on the cusp of a new decade, and the creative technology we use as we teeter on the edge of 2020 is a great deal different than that of 2010.

When this decade started, global workflows were possible, yet they were unproven and untested. Fast-forward to today and a distributed approach is not only the norm but a necessity. A global infrastructure props up much of the work we do: tools are advanced enough to send massive, complex files from one end of the globe to another with a click; creative companies can find the best third-party talent and work with them across oceans; studios can optimize output via a chase-the-sun, 24/7 production cycle.

However, these benefits came with a proportionate escalation in threat to security. And this is something we think of a great deal at ftrack.

Our tools are built to expedite today’s remote, distributed workflows, but they’re also built to keep all creative content secure and free from prying eyes. The security of all content is of fundamental importance to us. That’s why we continue to have our services evaluated, to pass assessments by content protection initiatives like the Trusted Partner Network, and to add new security features into ftrack Studio and Review – incuding features like two-factor authentication.

Two-factor authentication (2FA) in ftrack

Implementing 2FA login to both ftrack Studio and ftrack Review is another step forward in our ongoing security strategy. We want our users to feel even more confident that the great work they produce remains behind locked doors, and 2FA is a sure way of making that happen.

With 2FA – introduced in our ftrack Studio 4.3 release – users can add a second verification layer on top of user passwords as part of the identification/login process. Working this way, the user logging in must access another physical device (mobile, desktop, or other) to confirm that they are 100% the right person attempting to login to the ftrack account.

Prioritizing security at ftrack

Considering the way that we share and distribute work, using a password alone to prove identity is not enough. The creative process takes place over open networks and uses services in the cloud, and there are too many people with bad intentions looking to steal data for profit.

Passwords can be effective against this threat…if you use them effectively. If you’d like to know more about secure passwords, be sure to read this blog by Charlotte Empey. It offers plenty of great advice on creating passwords that can’t be brute-forced.

However, I find it’s easier to act more safely when using a workflow that uses secure authentication by default. Remember 1996’s Mission Impossible? There’s that fantastic CIA heist scene in which Ethan Hunt dangles upside down, making his way past a vault’s exceptionally advanced security systems and towards its central computer. I believe Hunt would have faced an even harder challenge had he then found himself face to face with the 2FA workflow we have implemented in ftrack.

Keeping your data secure from intruders (although probably not those hanging from a ceiling) is what 2FA is all about.

How to use 2FA

We have based ftrack Studio and ftrack Review’s 2FA workflow on best practice. To use the 2FA feature in ftrack, you must first activate the feature in ftrack’s account settings. Next, ensure you have a mobile phone or another device with an authentication app installed and prepared.

(There are many authentication apps to choose between; select one that your head of IT recommends or the one that best fits your needs. A few commonly used apps are Authy, Google Authenticator, Microsoft Authenticator, and Duo Mobile. They all work a little differently. I prefer to use Authy. It works well on almost any device, and since I use all kinds of tech, I can use it on all my devices: iOS, Android, Mac, and Windows computer.)

To login in using 2FA:

  1. Open your ftrack login screen
  2. Add your credentials, login name, and password
  3. We will verify these credentials against the ftrack database or LDAP source. If the credentials are valid, a new screen will display, asking for a code (a “one-time password” or “OTP”)
  4. Use your device and authentication app to generate the OTP
  5. Enter the OTP generated from your app…and you’re in!

2FA adds a small step to your login process, but the security reinforcement this process introduces is considerable.

We’re working in a more open, distributed industry than ever. Security should not be an afterthought; it should be your priority. You can never emphasize the importance of security enough to your team, so please consider adding it when you’re up and running with ftrack 4.3!

Read our documentation around 2FA in ftrack

ftrack recently acquired Cospective, creator of cineSync: the industry’s most secure synchronized media review and approval tool. Learn more about cineSync and its security features.

More from the blog

What’s new in ftrack – Enhanced Project dashboards and streamlined data export

| New features, Product, Release, Studio | No Comments
In this update, we've made some small tweaks that make a big impact. We've introduced more flexibility in project dashboard customization and simplified the data export process—all designed to make…

New Available Tasks workflows to empower your team to self-serve tasks

| New features, Product, Release, Studio, Team | No Comments
We’ve made ftrack’s Available Tasks workflows more easily accessible to all ftrack users! With this update, you can make your workflow more dynamic and make it easier for creatives to…

Introducing the ftrack Connect Framework and new integrations

| Announcements, Developer, Integrations, New features, News, Product, Release, Studio | No Comments
We’re excited to announce the release of our new ftrack Connect Framework, designed for pipeline support in the creative industry. This significant upgrade brings forth a suite of enhancements tailored…

Introducing the new ftrack Developer Hub

| Announcements, API, Developer, Integrations, Productivity, Studio, Tips & tricks | No Comments
We're thrilled to announce the launch of the new ftrack Developer Hub—a comprehensive resource designed for developers, pipeline technical directors (TDs), and anyone keen on maximizing their use of ftrack…

Introducing the Create Project UI: Discover a new user-friendly UI to set up your ftrack projects

| Announcements, New features, Product, Release, Studio | No Comments
We’re excited to unveil something we hope will make your project kick-offs that little bit simpler – the new Create Project UI. We've designed the new interface to make every…

What’s new in ftrack media review: Stylus and tablet support is here!

| New features, Product, Productivity, Release, Remote, Review, Studio | No Comments
The latest updates to ftrack Studio and ftrack Review are all about making your review sessions with clients as smooth and productive as possible. With support for tablet and stylus…

Enhanced performance in ftrack Studio: Fine-tuning for speed, reliability, and security

| API, Developer, New features, Product, Productivity, Studio | No Comments
From significant API query speed improvements to the adoption of Python 3, ftrack Studio has recently received a batch of speed, reliability, and security enhancements to make your project management…

Backlight and the Visual Effects Society forge a partnership for the VES Awards judging process

| Case Study | No Comments
Backlight was thrilled to be invited by the Visual Effects Society (VES) - the VFX industry’s premier global honorary society - to help support the virtual judging process for its…