Skip to main content

Two-factor authentication (2FA) is now available in ftrack Studio 4.3 and ftrack Review. Below, our CTO Magnus Eklöv, takes a closer look at this new feature, how to use it, and why we’ve introduced it.

We’re on the cusp of a new decade, and the creative technology we use as we teeter on the edge of 2020 is a great deal different than that of 2010.

When this decade started, global workflows were possible, yet they were unproven and untested. Fast-forward to today and a distributed approach is not only the norm but a necessity. A global infrastructure props up much of the work we do: tools are advanced enough to send massive, complex files from one end of the globe to another with a click; creative companies can find the best third-party talent and work with them across oceans; studios can optimize output via a chase-the-sun, 24/7 production cycle.

However, these benefits came with a proportionate escalation in threat to security. And this is something we think of a great deal at ftrack.

Our tools are built to expedite today’s remote, distributed workflows, but they’re also built to keep all creative content secure and free from prying eyes. The security of all content is of fundamental importance to us. That’s why we continue to have our services evaluated, to pass assessments by content protection initiatives like the Trusted Partner Network, and to add new security features into ftrack Studio and Review – incuding features like two-factor authentication.

Two-factor authentication (2FA) in ftrack

Implementing 2FA login to both ftrack Studio and ftrack Review is another step forward in our ongoing security strategy. We want our users to feel even more confident that the great work they produce remains behind locked doors, and 2FA is a sure way of making that happen.

With 2FA – introduced in our ftrack Studio 4.3 release – users can add a second verification layer on top of user passwords as part of the identification/login process. Working this way, the user logging in must access another physical device (mobile, desktop, or other) to confirm that they are 100% the right person attempting to login to the ftrack account.

Prioritizing security at ftrack

Considering the way that we share and distribute work, using a password alone to prove identity is not enough. The creative process takes place over open networks and uses services in the cloud, and there are too many people with bad intentions looking to steal data for profit.

Passwords can be effective against this threat…if you use them effectively. If you’d like to know more about secure passwords, be sure to read this blog by Charlotte Empey. It offers plenty of great advice on creating passwords that can’t be brute-forced.

However, I find it’s easier to act more safely when using a workflow that uses secure authentication by default. Remember 1996’s Mission Impossible? There’s that fantastic CIA heist scene in which Ethan Hunt dangles upside down, making his way past a vault’s exceptionally advanced security systems and towards its central computer. I believe Hunt would have faced an even harder challenge had he then found himself face to face with the 2FA workflow we have implemented in ftrack.

Keeping your data secure from intruders (although probably not those hanging from a ceiling) is what 2FA is all about.

How to use 2FA

We have based ftrack Studio and ftrack Review’s 2FA workflow on best practice. To use the 2FA feature in ftrack, you must first activate the feature in ftrack’s account settings. Next, ensure you have a mobile phone or another device with an authentication app installed and prepared.

(There are many authentication apps to choose between; select one that your head of IT recommends or the one that best fits your needs. A few commonly used apps are Authy, Google Authenticator, Microsoft Authenticator, and Duo Mobile. They all work a little differently. I prefer to use Authy. It works well on almost any device, and since I use all kinds of tech, I can use it on all my devices: iOS, Android, Mac, and Windows computer.)

To login in using 2FA:

  1. Open your ftrack login screen
  2. Add your credentials, login name, and password
  3. We will verify these credentials against the ftrack database or LDAP source. If the credentials are valid, a new screen will display, asking for a code (a “one-time password” or “OTP”)
  4. Use your device and authentication app to generate the OTP
  5. Enter the OTP generated from your app…and you’re in!

2FA adds a small step to your login process, but the security reinforcement this process introduces is considerable.

We’re working in a more open, distributed industry than ever. Security should not be an afterthought; it should be your priority. You can never emphasize the importance of security enough to your team, so please consider adding it when you’re up and running with ftrack 4.3!

Read our documentation around 2FA in ftrack

ftrack recently acquired Cospective, creator of cineSync: the industry’s most secure synchronized media review and approval tool. Learn more about cineSync and its security features.

More from the blog

What’s new in cineSync – a deeper iconik integration, laser tool, OTIOZ support, and more

| cineSync, New features, Product, Release | No Comments
cineSync's latest update brings flexibility and precision to your cineSync experience, making it easier to connect your review sessions with media management and storage in iconik, introducing color profiles to…

The Imaginarium Studios: Running a Thriving Motion Capture Studio with ftrack Studio

| Animation, Case Study, News, Q&A, Review, Studio | No Comments
Formed in 2012 by legendary actor and director Andy Serkis and led by CEO Matt Brown, The Imaginarium Studios is a performance-led capture and virtual production studio with facilities located…

ftrack achieves SOC 2 Security compliance for its project management and media review solutions

| Announcements, News, Product, Review, Security, Studio | No Comments
We’re pleased to announce the successful completion of ftrack’s independent SOC 2 audit, reaffirming the commitment, consideration, and care we continue to give to the security of your projects. For…

Chocolate Tribe Invests in South African Talent and Uses ftrack to Collaborate

| Animation, Case Study, News, Q&A, Studio | No Comments
The VFX and animation market in South Africa is about to explode–and Chocolate Tribe has already put the right tools, and team, in place to lead the way. Chocolate Tribe…
ftrack

Protecting Your Creative Vision During Desktop and Web-based Review & Approval

| cineSync, Product, Review, Tips & tricks | No Comments
When it comes to the question of security for media review solutions, how do we manage the balance between protecting the media, but still keeping the solutions simple and user…
Twilight POST

Twilight POST: On the Front Lines of India’s Expanding VFX and Animation Industry

| Animation, Case Study, News, Q&A, Studio | No Comments
As the world sits up and takes notice of cinematic marvels like K.G.F: Chapter 2 and RRR, it's clear that Indian cinema is a force to be reckoned with. VFX…

How to Bypass the 3 Mental Snags of Media Sequence Creation

| Animation, News, Review, Studio, Tips & tricks | No Comments
Forging a compelling media sequence in the fires of creativity and urgent deadlines is a craft that requires meticulous planning, seamless transitions, and an instinctive understanding of storytelling. Whether for…

How Cine Chromatix Automates Production Workflows with ftrack for Award-winning Work

| Case Study, News, Q&A, Review, Studio | No Comments
Racking up industry awards in VFX is just the beginning for Cine Chromatix.   Cine Chromatix is a full-service partner for feature films and series with an in-house VFX and…