2FA

TOTP

RFC 6238, via the pquerna/otp library. Compatible with Google Authenticator, Authy, 1Password.

1. /app/security → the "Your account" section → 2FA.
2. Scan the QR code with the app.
3. Enter the 6-digit code to confirm.
4. Download backup codes (shown once).

Backup codes

10 one-time codes. Each works once. Keep them in a password manager.

Recovery

If you lost both the app and the backup codes, contact an admin/owner to disable. An admin/owner can reset 2FA for a member of their org.