Setting up two-factor authentication

Two-factor (2FA) protects your account if your password is ever leaked or guessed. We use the standard TOTP protocol that any authenticator app supports.

What you’ll need

• An authenticator app: Google Authenticator, 1Password, Authy, Microsoft Authenticator — they all work.
• A safe place to store backup codes (1Password, your password manager, or printed and locked away).

Enabling 2FA

1. Sign in to the hub and go to Settings → Security.
2. Click Start setup. We’ll generate a QR code.
3. Open your authenticator app and scan the code. The app will show a 6-digit code that rotates every 30 seconds.
4. Enter the current code on the page and click Confirm and enable.
5. Save the 10 backup codes we show you. You won’t see them again.

Backup codes

Each backup code works exactly once if you ever lose access to your authenticator (lost phone, app reset, etc). Treat them like passwords: never share them, and regenerate the set if you suspect any are compromised (re-enable 2FA from scratch).

Disabling 2FA

If you need to turn 2FA off — for example because you’re moving authenticators — go to Settings → Security and use the disable card. We require your current password as a final check.