Two-Factor Authentication

Compose gives users the option to enable two-factor authentication for access to their databases via the Compose web application. This feature greatly enhances the protection around your Compose account and substantially decreases the likelihood of unauthorized access to your databases through a username or password that is out in the wild.

Enabling two-factor authentication (2FA) is straightforward and takes just a couple of minutes. It is one of the simplest ways to protect your Compose account. We cover how to get started a bit further down the page.

What does it work with?

Compose two-factor authentication works with standard SMS and with all the popular authentication apps, including:

Team-enforced Two-Factor Authentication

A unique option in our release of two-factor authentication is that the account owner can require all users on the account to set up 2FA before they are able to log back into the Compose application. This is a quick and easy way to ensure that you have 100% adoption of this security practice in your organization.

Getting Started

If you are just starting to investigate this option and want to enable it for your own user on your Compose account, follow these steps:

Step 1: After logging into Compose, click on the account icon on the left sidebar.


Finding the Account View.

On that page, find the section labeled “Two-factor authentication.”


Two-Factor Authentication Status.

Step 2: Click “configure.”


Configure Two-Factor Authentication.

Step 3: Follow the steps provided in the web application, ensuring that you have your mobile device accessible (you will need it). If you already have an authentication app, select “Use an App”. Otherwise, select “Use SMS”. If all goes well, you should see this:


Successful Configuration.

Fallback SMS Number

Once you have enabled two-factor authentication for your user, you can provide a fallback SMS number. If you lose your mobile device, you can still access your account using your Compose password and a code that can be sent via SMS to your fallback number.

When you save a fallback SMS number, Compose will send a verification message to the number you provided.

Recovery Codes

Recovery codes are another way to gain access to your account in the event that you cannot log in via two-factor authentication. You can download these codes and keep them in a safe place. Each code can be used only once: as soon as it is used, it expires.
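The single-use behaviour of recovery codes described above, sketched from the server side as an added Ruby example. It is not Compose's or Authful's code; the class name, code format, code count and in-memory storage are assumptions made for illustration.

```ruby
require "securerandom"
require "openssl"

# Hypothetical store for single-use recovery codes (illustration only).
# Only keyed digests of the codes are kept, so a leaked table does not
# reveal codes that can be typed into the login form.
class RecoveryCodeStore
  CODE_COUNT = 10 # assumption: number of codes issued per user

  def initialize(pepper)
    @pepper = pepper # server-side secret used as the HMAC key
    @unused = {}     # user_id => digests of codes not yet redeemed
    @lock = Mutex.new
  end

  # Issues a fresh set and returns the plaintext codes once, for download.
  # Issuing again replaces, and so invalidates, the previous set.
  def issue(user_id)
    codes = Array.new(CODE_COUNT) { SecureRandom.hex(8).scan(/.{8}/).join("-") }
    @lock.synchronize { @unused[user_id] = codes.map { |c| digest(c) } }
    codes
  end

  # Returns true and consumes the code if it is valid and unused.
  def redeem(user_id, submitted)
    candidate = digest(submitted.to_s.strip.downcase)
    @lock.synchronize do
      unused = @unused.fetch(user_id, [])
      # Check every stored digest so timing does not show which one matched.
      idx = nil
      unused.each_with_index do |d, i|
        idx = i if OpenSSL.fixed_length_secure_compare(d, candidate)
      end
      return false if idx.nil?
      unused.delete_at(idx) # the code expires the moment it is used
      true
    end
  end

  def remaining(user_id)
    @lock.synchronize { @unused.fetch(user_id, []).length }
  end

  private

  def digest(code)
    OpenSSL::HMAC.digest("SHA256", @pepper, code)
  end
end
```

The lookup and the deletion happen under one lock, so two simultaneous logins with the same code cannot both succeed; a database-backed version would need the same atomicity, along with rate limiting on failed attempts.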


Currently, we are unable to enable two-factor authentication for Compose users who access the web application through a provider portal. In these scenarios, the provider directly provides the means and procedure for authentication, and two-factor authentication would need to be enabled at that level.

If you have concerns about this, we are happy to share additional details. Please feel free to contact us at [email protected].

Open-source version

Considering the effort our team put into writing a solid tool to provide two-factor authentication to our application, we wanted to extend that benefit to the community, allowing other companies to quickly extend this feature to their users as well.

Soon, we will release a gemified version of our REST-based efforts. It will include testing by a world-renowned security company, and will be actively developed by our team. We call it Authful and we will post the link when it is ready to go.
