SecurityNew
Two-factor authentication
You can now turn on two-factor authentication from your account settings. Scan the QR code with any authenticator app (1Password, Authy, Google Authenticator, and the rest), confirm a six-digit code, and every future sign-in asks for that second factor.
Enrolment hands you a set of one-time backup codes for the day you lose your phone. Each code works once, and you can regenerate the set at any time. The stored secret is encrypted at rest, and repeated failed challenges lock the account before an attacker can guess their way in.
For admins
- Workspace admins can require 2FA for the whole team. Members who have not enrolled are walked through setup on their next sign-in.
- Failed second-factor attempts are written to the audit log, so you can see when someone is being probed.
Setup steps and recovery options live in the Account & Security docs.