If you have two-factor authentication (2FA) enabled, you may wonder whether you can mark a device as "trusted" so you skip the code prompt next time. This guide explains how MFA works across devices in Zenovay today.
MFA Is Required on Every Login
Zenovay does not offer a "remember this device" or "trust this device" option. When 2FA is enabled, you'll be asked for a verification code every time you sign in — on every browser and every device.
This is intentional. Requiring a code on each sign-in keeps your account protected even if your password is leaked or your session cookie is stolen.
What Each Login Looks Like
- Enter your email and password at the sign-in screen
- When prompted, open your authenticator app and enter the current 6-digit code
- Select Continue to finish signing in
That code prompt appears each time a new session is started — it isn't tied to a one-time "trust" decision.
If You Lose Access to Your Authenticator
You don't have to be locked out if your authenticator app is unavailable. On the verification screen, choose Use a backup code and enter one of the recovery codes you saved when you set up 2FA. Each backup code works once.
Treat backup codes like passwords. Store them somewhere safe and offline, and generate a fresh set if you think they've been exposed.
Staying Signed In
You stay signed in for as long as your session is active — you don't re-enter your MFA code while a session is live. A new code is only requested when you start a fresh sign-in (for example, after signing out, on a new browser, or once an old session expires).
To see and end active sessions, see Manage your sessions.
Security Recommendations
- Use a strong, unique password. It's still your first line of defense at every login.
- Keep your backup codes safe and current. They're your fallback if you lose your authenticator.
- Sign out on shared or public computers. Never leave a live session behind on a device others can access.
- Review active sessions periodically and revoke any you don't recognize.