
Multi-Factor Authentication (2FA)

The Multi-Factor Authentication (2FA) page lets you secure your account by requiring a time-based one-time password (TOTP) in addition to your password during login.

This significantly reduces the risk of unauthorized access, even if your password is compromised.

Danger

Enable 2FA as soon as possible after account creation to protect against credential theft.


Page Overview

When to use this page

  • After creating your account
  • When strengthening account security
  • After noticing unusual or suspicious login activity
  • When enabling two-factor authentication for the first time

What you can do

  • Enable or disable multi-factor authentication for your account
  • Pair an authenticator app using a QR code or secret key
  • Verify and activate TOTP-based authentication
  • Confirm whether 2FA is currently enabled

At a Glance

  • 2FA enablement status
  • QR code and secret key for authenticator setup
  • OTP verification input

Page Overview

This page is available under:

Settings / 2FA

It is split into two main sections:

  • 2FA Status & Activation (left)
  • QR Code & Secret Key (right)

At the top, a status message clearly indicates whether 2FA is currently enabled.


2FA Status & Activation (Left Panel)

Status Indicator

  • ❌ Multi-factor authentication is not enabled!
    Indicates that 2FA is currently disabled for your account.

Warning

Accounts without 2FA are more vulnerable to credential theft and account takeover.


OTP Code Input

  • OTP code
    A numeric input field where you enter the 6-digit code generated by your authenticator app.

Note

The code changes every 30 seconds. Enter the most recent code shown in your app.


Action Button

  • Turn on 2FA
    Activates multi-factor authentication after a valid OTP code is entered.

QR Code & Secret Key (Right Panel)

This section is used to pair your account with an authenticator app.

QR Code

  • Scan the QR code using an authenticator app such as:
      • Google Authenticator
      • Authy
      • Microsoft Authenticator
      • 1Password

Secret Key

  • A text-based secret key is shown below the QR code
  • Can be used as a manual setup option if QR scanning is not available

Tip

Store the secret key securely. It can be useful if you need to reconfigure your authenticator app later.


Step-by-Step: Enabling 2FA

  1. Go to Settings → 2FA
  2. Open your preferred authenticator app
  3. Add a new account:
       • Scan the QR code, or
       • Enter the secret key manually
  4. Your authenticator app will generate a 6-digit code
  5. Enter the code into the OTP code field
  6. Click Turn on 2FA

Expected result:
2FA is enabled, and future logins will require a one-time code in addition to your password.
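
What the authenticator app and the server compute when the 6-digit code is generated and checked, as an added example that is not this product's code. It assumes the standard RFC 6238 parameters used by common authenticator apps (HMAC-SHA1, Base32 secret key), which this page does not state; `totp`, `verify`, `drift_steps` and `SAMPLE_KEY` are hypothetical names.

```python
import base64
import hashlib
import hmac
import struct
import time

PERIOD = 30  # seconds a code stays current, per the note on this page
DIGITS = 6   # length of the code typed into the OTP code field


def totp(secret_b32, at=None, period=PERIOD, digits=DIGITS):
    """Return the RFC 6238 code for a Base32 secret key at Unix time `at`."""
    # Secret keys are often displayed in groups and in mixed case.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = int(time.time() if at is None else at) // period
    # Assumption: HMAC-SHA1, the RFC 6238 default.
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, at=None, drift_steps=1):
    """Accept the current code or one within `drift_steps` periods of it."""
    now = int(time.time() if at is None else at)
    if not (submitted.isascii() and submitted.isdigit()
            and len(submitted) == DIGITS):
        return False
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        t = now + step * PERIOD
        if t < 0:
            continue
        # Constant-time compare, and no early exit on the first match.
        ok |= hmac.compare_digest(totp(secret_b32, t), submitted)
    return ok


# Constructed sample: the published RFC 6238 test secret, not a real key.
SAMPLE_KEY = "GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ"

if __name__ == "__main__":
    print("t=59  ->", totp(SAMPLE_KEY, at=59))  # same window as t=30..59
    print("t=60  ->", totp(SAMPLE_KEY, at=60))  # next window, new code
    print("stale ->", verify(SAMPLE_KEY, totp(SAMPLE_KEY, at=59), at=150))
```

The code is a pure function of the secret key and the clock, so anyone who holds the secret key can produce valid codes; treat a stored copy of the key like a password.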


After Enabling 2FA

Once enabled:

  • You will be prompted for an OTP code during login
  • The User Settings page will reflect that 2FA is active
  • Login activity will record 2FA-related events

Note

If 2FA is enabled, disabling it later may require additional verification.


Tips & Best Practices

Tip

Use at least two devices (e.g. phone + tablet) or securely back up your authenticator setup.

Warning

Losing access to your authenticator app without backups may lock you out of your account.


Assumptions & Limitations

  • Recovery codes are not shown on this screen (assumed not yet implemented).
  • Only TOTP-based authenticators are supported.
  • SMS or email-based 2FA is not currently available.

Note

If recovery options are added later, they will appear on this page or during the 2FA setup flow.