Two-step login verification

Two-step login verification

Gyazo has two-step login verification. This means we send you a verification email if we see a login attempt from a new IP address that has not been used to login succssfully before.

Note: If you receive a verification email from us with an IP address / location you don't recognize, most likely it is because your password was leaked from another service and then re-used. Please read on for details.


How does Two-step login verification work to improve your security?
When logging in from a new IP address we send a Verification code to your registered email address to make sure it's you. As a result, when you log in from a new IP you need to enter the verification code included in the email to continue.

This way, if a third party tries to access your account they will not be able to get your verification code unless they can access your email as well. This means they effectively can't break into your Gyazo account.


How to log in with two-step verification
If you're trying to log in yourself, check your registered email inbox for an email from Gyazo and then come back, enter the verification code, and proceed to login to your account.

If you haven't tried to log in, it's possible that someone is trying to gain access to your account. If you think that's the case, please follow the steps below.


Multiple unsuccessful login attempts will lock your account. Please reset your password
To protect your account, after several unsuccessful login attempts it will be locked. When that happens, an email with a password reset link is sent to your registered email address.

If you receive this message or if you notice your account is locked when you try to login, immediately reset your password using the reset link in the email we sent.


What if the reset password link in the email has expired?
If you are logged in, you can reset your password on your settings page.
If you are logged out, please use the forgot password page.


Reusing a leaked password is the likely cause of someone trying to access your account
By far the most likely cause of someone trying to access your account is that you reused a password that was leaked from another service you use or used and someone got a hold of it.

It's very unlikely that your password was leaked from Gyazo or that Gyazo was breached in any way. You can always check our Twitter account for the latest security and server status updates.


General Security tips:
Always set a strong password
Never re-use your password between services.
Consider using a password manager like 1password or lastpass so you can use unique, strong passwords for every service without needing to remember them.
Enter your email address at this website to see if your password or other information has ever been part of a reported breach: https://haveibeenpwned.com/


If you wish to delete your Gyazo account
If you no longer want to use Gyazo, please see this page: delete Gyazo account. If you have lots of captures it will take some time to delete all of them -- as much as an hour or more so please be patient for that to finish.


If you have any questions or concerns, please feel free to contact us. We are happy to help.