Overview
We’ve introduced a new 2FA (Two-Factor Authentication) prompt to strengthen supporter account security and build trust.
Once this feature is enabled on your lottery site, supporters will be prompted during their first regular login (excluding checkout logins) to secure their account with 2FA. This one-time prompt encourages them to take action without adding unnecessary friction to the purchase process.
This change provides a clear, simple path to enhanced security, giving supporters greater control over their account protection.
One-Time 2FA Prompt
When logging in for the first time after 2FA is enabled, supporters will see a modal with two options:
- Enable 2FA (Recommended) – the primary and more prominent action.
The modal includes a concise explanation of the benefits of 2FA, encouraging supporters to enable it immediately.
Activation Methods:
- Authenticator App – supporters are guided through the setup process step-by-step within the modal.
- Email Code – supporters receive a code sent to their registered email address for quick verification.
If activating via the authenticator app, supporters will be prompted to follow below steps to activate.
If activating using the email address/ code you will be shown the email address that the code is being sent to- this would be the same email that you used to create the account
Post-Account Creation Flow
- Supporters who choose Set Up Later can activate 2FA at any time by navigating to:
- My Account → My Settings → Login and Security
- From here, they can toggle 2FA on and follow the same setup process described above.
Opt-Out Handling
If a supporter dismisses the prompt:
- They will not be prompted again unless future re-prompting logic is introduced.
Opt-In Handling
If a supporter chooses to enable 2FA:
- They are immediately guided through the setup process, ensuring a seamless experience.
Tracking & Analytics
To monitor adoption and optimise the experience, a new tracking event has been introduced.
New Segment Event: 2FA Prompt Acknowledged
This event fires when a supporter interacts with the prompt either accepting or dismissing it.
From here, we can measure:
- Opt-Out Rate:
Number of users who triggered 2FA Prompt Acknowledged but did not trigger 2FA Setup Started.
- Opt-In Drop-Off Rate:
Number of users who triggered 2FA Prompt Acknowledged and 2FA Setup Started but did not trigger 2FA Setup Completed.
- Successful Setup Rate:
Number of users who triggered 2FA Prompt Acknowledged, 2FA Setup Started, and 2FA Setup Completed.
Setup Method Breakdown:
Captured in the existing 2FA Setup Completed event via the 2fa_type field (email vs. authenticator app).If you are interested in enabling this for your site please feel free to reach out to the Customer Success team.