What is Device Pin?

Device Pin is an additional level of security that can be applied to your Shasso account. The first level of security on your account is your login credentials: your Shasso account name and password. With Device Pin, a second level of security is applied to your account, making it harder for your Shasso account to fall into the wrong hands.


When Device Pin is enabled on your account, anyone attempting to login to your Shasso account from an unrecognized device must provide additional authorization. A special access code will be sent to your contact email address, and this code must be entered into Shasso before your login is complete.


Once you've verified your email address with Shasso, Device Pin becomes available for your use. Once enabled, you will be required to access your email and provide the special access code from Shasso Support when logging into Shasso from any device which we don't recognize.


Is there a limit to the number of machines that can be authorized at once?

No, there's no limit. Device Pin is aimed to protect the value that is yours, not limit your access to your stuff. As always, you can access your Shasso account and library from as many machines as you'd like.


What do I do if I do not receive a Device Pin email when I am prompted for the access code?

Please check to make sure that you are accessing the email address that is registered to your Shasso account.


If you do not receive the e-mail at all, check and make sure it is not being filtered as spam.


Please try adding "noreply@shasso.com" to your contacts or trusted senders list within your email client and request a new access code.


Even though Shasso instantly sends an email, you may encounter a delay with some email providers depending on their server load and processing times. Please contact us if you have not received the verification email after 1 hour.


How do Shasso accounts get stolen with Device Pin enabled?

Device Pin protects your Shasso account by requiring access to your verified email account. Using a secure email account with multiple layers of security is the best way to ensure Device Pin cannot be bypassed. Below are the common methods used to steal accounts with Device Pin enabled:


1. Hijacking Email: If your verified email account is stolen or compromised, a user can enter your account freely provided they know your account name. Knowing your Shasso account password would not be required as this can be reset with access to your email account. Never use the same password for both your email and Shasso account.


2. Malware: Hijackers can use malware to gain access to your computer and login to your account using your already authorized device. Since your Shasso account could be open or you have your account credentials saved, the hijacker does not need to know anything about your account to gain access. Using a proper anti-virus software with real time protection and avoiding unsafe websites/files will prevent malware from entering your system.