Cloudsmith Documentation Hub

Welcome to the Cloudsmith Documentation Hub. You'll find comprehensive guides and documentation to help you start working with Cloudsmith as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Two-Factor Authentication

Two times the security. Twice as secure. Right? Well, that only matters if the base level of security is strong to begin with. At Cloudsmith security is one of our most paramount concerns, and we utilise our collective years across different disciplines such as financial technology and Internet startups to apply this to package management. You can see this in the architectural DNA of the service, such as how we process packages away from the front-end, through to utilisation of front-end security techniques, such as the use of Content Security Policy (CSP), HTTP Strict Transport Security (HSTS), etc.

We provide support for two-factor authentication via a TOTP (Time-based One-time Password Algorithm) device, such as Google Authenticator, LastPass Authenticator, etc:

User 2FAUser 2FA

User 2FA

Once you've completed enrolment (i.e. registration of your device with us), you will be challenged to authenticate via the device after social or password-based login. You do this by entering in a 6-digit pin that your device presents. If you forget your 6-digit pin, we also offer a recovery service using disposable tokens.

Also, If you're a member of a Cloudsmith Organisation with "Owner" permissions, you can also force Enforce Enrolment of Two-Factor for everyone in the Org:

Enforce 2FAEnforce 2FA

Enforce 2FA

A flag that denotes 2fa within the organization members' list will tell you if the member has two-factor enabled or not:

If you enforce enrolment and a User hasn't yet enrolled, they will not be able to access any of the pages for the Organisation (e.g. they can't view or manipulate packages). If you are security conscious, please consider enabling this.

Updated 2 months ago


Two-Factor Authentication


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.


Cloudsmith is the new standard in Package Management and Software Distribution

With support for all major package formats, you can trust us to manage your software supply chain.


Start My Free Trial Now
Cookie Declaration (Manage Cookies)