Skip to main content

Two-factor authentication (2FA) is now available in ftrack Studio 4.3 and ftrack Review. Below, our CTO Magnus Eklöv, takes a closer look at this new feature, how to use it, and why we’ve introduced it.

We’re on the cusp of a new decade, and the creative technology we use as we teeter on the edge of 2020 is a great deal different than that of 2010.

When this decade started, global workflows were possible, yet they were unproven and untested. Fast-forward to today and a distributed approach is not only the norm but a necessity. A global infrastructure props up much of the work we do: tools are advanced enough to send massive, complex files from one end of the globe to another with a click; creative companies can find the best third-party talent and work with them across oceans; studios can optimize output via a chase-the-sun, 24/7 production cycle.

However, these benefits came with a proportionate escalation in threat to security. And this is something we think of a great deal at ftrack.

Our tools are built to expedite today’s remote, distributed workflows, but they’re also built to keep all creative content secure and free from prying eyes. The security of all content is of fundamental importance to us. That’s why we continue to have our services evaluated, to pass assessments by content protection initiatives like the Trusted Partner Network, and to add new security features into ftrack Studio and Review – incuding features like two-factor authentication.

Two-factor authentication (2FA) in ftrack

Implementing 2FA login to both ftrack Studio and ftrack Review is another step forward in our ongoing security strategy. We want our users to feel even more confident that the great work they produce remains behind locked doors, and 2FA is a sure way of making that happen.

With 2FA – introduced in our ftrack Studio 4.3 release – users can add a second verification layer on top of user passwords as part of the identification/login process. Working this way, the user logging in must access another physical device (mobile, desktop, or other) to confirm that they are 100% the right person attempting to login to the ftrack account.

Prioritizing security at ftrack

Considering the way that we share and distribute work, using a password alone to prove identity is not enough. The creative process takes place over open networks and uses services in the cloud, and there are too many people with bad intentions looking to steal data for profit.

Passwords can be effective against this threat…if you use them effectively. If you’d like to know more about secure passwords, be sure to read this blog by Charlotte Empey. It offers plenty of great advice on creating passwords that can’t be brute-forced.

However, I find it’s easier to act more safely when using a workflow that uses secure authentication by default. Remember 1996’s Mission Impossible? There’s that fantastic CIA heist scene in which Ethan Hunt dangles upside down, making his way past a vault’s exceptionally advanced security systems and towards its central computer. I believe Hunt would have faced an even harder challenge had he then found himself face to face with the 2FA workflow we have implemented in ftrack.

Keeping your data secure from intruders (although probably not those hanging from a ceiling) is what 2FA is all about.

How to use 2FA

We have based ftrack Studio and ftrack Review’s 2FA workflow on best practice. To use the 2FA feature in ftrack, you must first activate the feature in ftrack’s account settings. Next, ensure you have a mobile phone or another device with an authentication app installed and prepared.

(There are many authentication apps to choose between; select one that your head of IT recommends or the one that best fits your needs. A few commonly used apps are Authy, Google Authenticator, Microsoft Authenticator, and Duo Mobile. They all work a little differently. I prefer to use Authy. It works well on almost any device, and since I use all kinds of tech, I can use it on all my devices: iOS, Android, Mac, and Windows computer.)

To login in using 2FA:

  1. Open your ftrack login screen
  2. Add your credentials, login name, and password
  3. We will verify these credentials against the ftrack database or LDAP source. If the credentials are valid, a new screen will display, asking for a code (a “one-time password” or “OTP”)
  4. Use your device and authentication app to generate the OTP
  5. Enter the OTP generated from your app…and you’re in!

2FA adds a small step to your login process, but the security reinforcement this process introduces is considerable.

We’re working in a more open, distributed industry than ever. Security should not be an afterthought; it should be your priority. You can never emphasize the importance of security enough to your team, so please consider adding it when you’re up and running with ftrack 4.3!

Read our documentation around 2FA in ftrack

ftrack recently acquired Cospective, creator of cineSync: the industry’s most secure synchronized media review and approval tool. Learn more about cineSync and its security features.

More from the blog

What is a Pipeline TD and how can I become one?

| Tips & tricks | No Comments
Lead Pipeline TD Clement Poulain discusses the pipeline TD role in post-production and reveals how you can set yourself up for a role in the industry.

How to set up effective production goals with Fudge Animation

| Animation, Productivity, Q&A, Studio, Tips & tricks | No Comments
The Fudge team discusses how they create effective and achievable production goals that result in great animation, without going over deadline.
Smart vectors 7

Smart Vectors in Nuke – Tips and tricks

| Integrations, Tips & tricks | No Comments
Compositing expert Josh Parks reveals his advice for getting the most out of Smart Vectors in Nuke, a quick and efficient way of achieving tracking results.

Meet Tram Le-Jones, ftrack’s VP of Solutions

| Company, Product, Q&A, Team | No Comments
Tram joins team ftrack to collaborate with customers and develop new tools that will remove barriers to your creative success. Learn about her role.

How to use custom attribute links in ftrack Studio

| New features, Product, Release, Studio, Tips & tricks | No Comments
Custom attribute links are now available in ftrack Studio. Learn how to use them in your next project!

What is a creative project manager and how can I become one?

| Tips & tricks | No Comments
Learn all about the role of creative project managers in post-production studios and find out how you can set yourself up for a role in the industry.

What is a VFX producer and how can I become one?

| Tips & tricks | No Comments
Discover the ins and outs of working as a VFX producer in the post-production industry and learn how you can set yourself up for a role.

Desktop playback in ftrack Studio coming soon in cineSync Play

| Announcements, cineSync, News, Product, Studio | No Comments
cineSync Play is coming to ftrack Studio in 2021—a new integrated desktop application for frame sequence playback.