Why am I being prompted to enter a code when I log into FullStory?

To protect your data and reduce the risk of unauthorized access to your FullStory account, we’ve implemented a security measure called Device Verification. This applies to all FullStory accounts except those that authenticate via a third party (such as Google Authentication).

How does it work?

When you attempt to log into FullStory from an unrecognized browser, we’ll send you an email with the subject “New login to your FullStory account.” This email will contain an alphanumeric code which you’ll need to supply in order to complete your login. It’ll also contain some information about the login attempt, including country of origin and IP address. The code is valid for 20 minutes.

Enter the code from the email on the FullStory login page to proceed.

Once you’ve successfully completed this flow, we’ll remember the current browser as “trusted” for 60 days. You won’t be prompted for a code during future logins from that browser until 60 days have elapsed (or you clear your cookies).

Why did we do this?

This additional security measure helps protect against an attacker using a password from a third-party data breach to gain access to your FullStory account. With Device Verification, an attacker would need access to your password and your email inbox in order to compromise your FullStory account.

I received the email, but I didn’t initiate a login attempt.

This means that someone else may have obtained your FullStory password. Follow the instructions in the email to change your password. Click the “Forgot password?” link at https://app.fullstory.com/login to reset your password. If you’ve reused that password on other services, you should consider changing it on those platforms as well.

I can’t retrieve the code because I’ve lost access to my email account.

If you no longer have access to the email address associated with your FullStory account, an Admin from your FullStory team will need to invite your new email address to the team. See “How to regain access to your account” for more details on this process. Once you’ve regained access, you can complete the Device Verification flow with your new account.

Other recommendations

Although Device Verification helps mitigate the risk of account takeover, we always recommend using a strong and unique password for your FullStory account. You can also use Google Authentication with FullStory. While Device Verification does not apply to accounts using Google Authentication, you can configure additional security measures through Google (such as two-step verification).

Can’t find what you’re looking for?

The FullStory team awaits your every question.

Contact Us