Multi-factor authentication (MFA) adds an extra layer of security to your account. Even if someone learns your password, they can't sign in without the second factor.
What Zenovay Supports
Zenovay protects your account login in two ways:
| Method | What it does | Best for |
|---|---|---|
| Authenticator app (TOTP) | A time-based 6-digit code as your second factor | Everyone — recommended |
| Passkeys (WebAuthn) | Sign in without a password, using your device or a security key | Phishing-resistant, password-free sign-in |
Both are available on every plan, including Free. You'll find them in your account settings: two-factor authentication on Settings → Account, and passkeys on Settings → Account → Security (/settings/account/security).
Recommended
Set up an authenticator app for two-factor authentication, then add a passkey for fast, phishing-resistant sign-in.
Setting Up Two-Factor Authentication (Authenticator App)
Two-factor authentication uses an authenticator app that generates a time-based one-time password (TOTP).
Supported Authenticator Apps
- Google Authenticator (iOS, Android)
- Authy (iOS, Android, Desktop)
- 1Password (All platforms)
- Microsoft Authenticator (iOS, Android)
- Bitwarden (All platforms)
Setup Steps
1. Open Account settings: Go to Settings → Account.
2. Enable two-factor authentication: In the Security and account section, find Two-factor authentication and click Enable. This opens a short setup screen.
3. Scan the QR code: Open your authenticator app and scan the QR code shown. If you can't scan, click View setup key to enter the secret manually.
4. Enter the verification code: Type the 6-digit code from your authenticator app to verify the setup.
5. Save your backup codes: Zenovay generates 10 single-use backup codes. Download or copy them and store them somewhere safe.
Save your backup codes immediately. They're the only way back into your account if you lose access to your authenticator app.
Adding a Passkey (Passwordless Sign-In)
Passkeys let you sign in without a password, using your device's biometrics (Touch ID, Face ID, Windows Hello) or a hardware security key. They're resistant to phishing because the credential is bound to Zenovay's domain.
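The domain binding described above, as an added example that is not Zenovay's code: the checks a WebAuthn relying party runs on a sign-in response before it verifies the signature. The relying-party ID, the origins, the challenge and the helper names are constructed placeholders.

```python
import base64
import hashlib
import json

# Placeholder values: the page does not state Zenovay's relying-party ID or origin.
RP_ID = "login.example.com"
EXPECTED_ORIGIN = "https://login.example.com"

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def build_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed sample of the two structures returned for a sign-in on `origin`."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    ).encode("utf-8")
    # authenticatorData = SHA-256(rpId) || flags || 4-byte signature counter
    flags = 0x01 | 0x04  # user present + user verified
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (7).to_bytes(4, "big")
    return client_data, auth_data

def check_binding(client_data_json: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Return the names of the failed checks; an empty list means the binding holds."""
    failures = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failures.append("type")
    if client_data.get("challenge") != b64url(challenge):
        failures.append("challenge")
    # The browser, not the page, writes the origin, so a look-alike site cannot forge it.
    if client_data.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    # The authenticator hashes the RP ID the credential was requested for.
    if len(auth_data) < 37 or auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rp_id_hash")
    elif not auth_data[32] & 0x01:
        failures.append("user_present")
    return failures

# Constructed challenge; a real server issues a fresh random one per sign-in.
CHALLENGE = bytes(range(32))
```

A response produced on any other origin fails both the `origin` and `rp_id_hash` checks, which is why a passkey response captured on a look-alike site is useless against the real one.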
What Works as a Passkey
- Built-in platform authenticators (Touch ID, Face ID, Windows Hello)
- Hardware security keys (YubiKey and other FIDO2 keys)
1. Open Security settings: Go to Settings → Account → Security.
2. Add a new passkey: On the Passkeys card, click New passkey.
3. Give it a nickname: Name it so you can recognize it later (for example, "MacBook Pro" or "YubiKey 5"), then continue.
4. Confirm on your device: When prompted by your browser, complete the device prompt — touch your security key, or use Touch ID / Face ID / Windows Hello.
Set up a password first
Passkeys are available for accounts that have a password. If you signed in only with Google or GitHub, set a password first, then add a passkey.
Using Two-Factor Authentication When You Sign In
After enabling two-factor authentication, sign-in becomes a two-step process:
- Enter your email and password as usual.
- When prompted, enter the 6-digit code from your authenticator app.
If you've added a passkey, you can instead sign in with the passkey and skip the password entirely.
Managing Your Security Settings
Your account security lives in two places: two-factor authentication is on Settings → Account, and passkeys are on Settings → Account → Security.
Viewing What's Enabled
On Settings → Account, the Two-factor authentication row shows whether 2FA is on. On Settings → Account → Security, the Passkeys card lists each passkey you've registered, including when it was last used.
Getting Fresh Backup Codes
You receive your backup codes once, when you first turn on two-factor authentication. If you run low or lose them, turn two-factor authentication off and back on again to set up a new authenticator and get a fresh set of codes. The old codes stop working as soon as you re-enable.
Removing a Passkey
- Go to Settings → Account → Security.
- On the Passkeys card, open the menu next to a passkey and choose Revoke.
- You can enroll a new passkey at any time.
Disabling Two-Factor Authentication
Disabling two-factor authentication reduces your account security. Only do this if you need to.
- Go to Settings → Account.
- In the Security and account section, find Two-factor authentication and click Disable.
- Confirm by entering a current code from your authenticator app.
Backup Codes
Backup codes let you sign in if you lose access to your authenticator app.
About Backup Codes
- 10 single-use codes are generated when you enable 2FA
- Each code works only once
- Unused codes stay valid until you turn 2FA off and on again, which issues a new set
- Store them securely (a password manager, for example)
Using a Backup Code
- At the second-factor prompt during sign-in, choose to use a backup code.
- Enter one of your codes.
- You're signed in, and that code is now used up.
Troubleshooting
Authenticator Code Not Working
- Make sure your device's clock is set to sync automatically — TOTP depends on accurate time.
- Confirm you're using the code for Zenovay, not another service.
- Wait for the next code (they refresh every 30 seconds).
- Use a backup code if the problem persists.
Lost Your Authenticator App
- Use a backup code to sign in.
- Disable the old two-factor setup.
- Set up two-factor authentication again with your new device.
Passkey Not Working
- Try a different USB port if you're using a hardware key.
- Update your browser to a current version.
- Confirm the key is FIDO2 / WebAuthn compatible.
- You can always fall back to your password plus authenticator code.
SSO and Team Accounts
If your team uses Single Sign-On (SSO), your sign-in, including any second factor, is handled by your organization's identity provider rather than by Zenovay's own MFA settings. In that case, configure two-factor requirements with your provider. SSO is available on the Scale and Enterprise plans.
Best Practices
- Use an authenticator app for two-factor authentication on every account.
- Add a passkey so day-to-day sign-in is fast and phishing-resistant.
- Store backup codes securely (an encrypted password manager works well).
- Enable MFA on your email account too.