Account & Security

Two-Factor Authentication

Secure your account with TOTP-based two-factor authentication and recovery codes.

Why Enable 2FA?

Two-factor authentication adds an extra layer of security to your APVISO account. Even if your password is compromised, an attacker cannot access your account without the second factor. Given that APVISO manages security-sensitive data about your applications, enabling 2FA is strongly recommended.

Setting Up 2FA

  1. Navigate to Settings → Security.
  2. Click Enable Two-Factor Authentication.
  3. Scan the QR code with your authenticator app (Google Authenticator, Authy, 1Password, etc.).
  4. Enter the 6-digit code from your authenticator app to confirm setup.
  5. 2FA is now active.

Recovery Codes

After enabling 2FA, APVISO generates 10 single-use recovery codes. These are your backup if you lose access to your authenticator app.

  • Save them securely — download the codes and store them in a password manager or a secure offline location.
  • Each code can only be used once.
  • When you use a recovery code to log in, you will be prompted to set up a new authenticator.

You can regenerate recovery codes at any time from Settings → Security → Regenerate Recovery Codes. This invalidates all previous codes.

Logging In with 2FA

After entering your email and password, you will see a second prompt asking for a 6-digit code. Enter the current code from your authenticator app. If you do not have access to your authenticator, click Use Recovery Code and enter one of your saved recovery codes.

Disabling 2FA

  1. Go to Settings → Security.
  2. Click Disable Two-Factor Authentication.
  3. Enter a current 2FA code or recovery code to confirm.
  4. 2FA is disabled.

Disabling 2FA is not recommended unless you are migrating to a new authenticator app. In that case, disable and immediately re-enable.

2FA for Team Accounts

On Business and Enterprise tiers, account administrators can enforce 2FA for all team members. When enforced, team members must set up 2FA on their next login or they will be unable to access the dashboard.

Supported TOTP Apps

APVISO's 2FA uses the TOTP (Time-based One-Time Password) standard (RFC 6238). Any TOTP-compatible app works:

  • Google Authenticator
  • Authy
  • 1Password
  • Bitwarden
  • Microsoft Authenticator
  • YubiKey Authenticator
Back to Knowledge Base