Two-Factor Authentication (2FA)
Adding 2FA gives your account a second layer of security: even if your password is stolen, an attacker can't sign in without your phone.
Enabling
- Go to Settings → Two-factor auth.
- Scan the QR code shown on the page with an authenticator app (Google Authenticator, 1Password, Authy, Microsoft Authenticator — any TOTP app works), or type the secret in manually.
- Enter the 6-digit code from your app and click Enable 2FA.
- Save your backup codes. You'll get single-use codes — store them in a password manager or a safe place offline. They're the only way to log in if you lose access to your authenticator app.
Logging in with 2FA
After entering your email and password, you'll see a 6-digit prompt. Open your authenticator app, type the code, and you're in.
If you don't have your phone, click Use backup code instead and enter one of the unused codes you saved.
Regenerating backup codes
Running low on unused codes, or think your saved set may be exposed? Go to Settings → Two-factor auth → Backup codes and click Regenerate backup codes, then confirm your password in the dialog. This issues a fresh set of eight and immediately invalidates your old codes, so save the new ones.
Disabling
On Settings → Two-factor auth, click Disable next to the "2FA is enabled" badge. A dialog asks for your password to confirm. Once disabled, your backup codes are invalidated.
Lost my phone and my backup codes
Contact support from the email address on the account. We'll verify your identity (usually via a recent invoice or billing record) and reset 2FA manually. Expect a 24-hour turnaround.
Why we recommend it
Auto-collection accounts often have payment data and client lists worth protecting. We don't enforce 2FA, but every Owner should turn it on.