Two-Factor Authentication (2FA)
Two-factor authentication adds a second verification step at login. Even if someone obtains your password, they cannot access your account without also having access to your authenticator app. ZeroTwo uses TOTP (Time-based One-Time Password) — the standard used by apps like Google Authenticator, Authy, and 1Password.
Setting Up 2FA
Open your authenticator app
Open your preferred authenticator app on your phone or computer. Compatible apps include:
- Google Authenticator (iOS / Android)
- Authy (iOS / Android / Desktop)
- 1Password (iOS / Android / Desktop)
- Microsoft Authenticator
- Any standard TOTP app
Scan the QR code
ZeroTwo displays a QR code. Scan it with your authenticator app. If you can’t scan the QR code, click Show setup key and enter the key manually into your app.
Enter the verification code
Your authenticator app will display a 6-digit code that refreshes every 30 seconds. Enter the current code into ZeroTwo to verify that setup was successful.
Save your backup codes
After verification, ZeroTwo generates your backup codes. Save these immediately in a secure location — you’ll need them if you lose access to your authenticator app. More on backup codes below.
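As an added illustration (not ZeroTwo's code), this is how a standard TOTP app derives the 6-digit code from the setup key and how a server can check it. It assumes the common TOTP defaults (HMAC-SHA1, base32 key) and a one-step clock-drift allowance; the sample key is the public RFC 6238 test secret, not a real account key.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, as described above


def totp(setup_key: str, at: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 setup key at Unix time `at`."""
    key = setup_key.replace(" ", "").upper()
    key += "=" * (-len(key) % 8)  # manually typed keys often omit base32 padding
    secret = base64.b32decode(key)
    counter = struct.pack(">Q", at // STEP)  # count of 30-second steps since epoch
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(setup_key: str, submitted: str, at: int, last_step: int = -1, drift: int = 1):
    """Return the matched time step, or None if the code is wrong or already used.

    Accepts +/- `drift` steps of clock skew, and skips any step at or before
    `last_step` so a code that was already accepted cannot be replayed.
    """
    current = at // STEP
    for step_no in range(current - drift, current + drift + 1):
        if step_no <= last_step:
            continue
        expected = totp(setup_key, step_no * STEP)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step_no
    return None


# Constructed sample: the RFC 6238 test secret "12345678901234567890" in base32.
SAMPLE_KEY = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
```

A server that stores the step returned by `verify` and passes it back as `last_step` on the next attempt makes each code usable only once within its validity window.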
Backup Codes
Backup codes are emergency access codes generated when you enable 2FA. Each code is single-use — once you use it to log in, it’s gone. What backup codes are for:
- Getting into your account if you lose your phone or uninstall your authenticator app
- Recovering access when traveling without your usual device
- In your password manager (most secure)
- In an encrypted notes app
- Printed and stored somewhere physically secure
Regenerating Backup Codes
If you’ve used most of your backup codes, or if you’re concerned they may have been compromised:
- Go to Settings → Security → Two-Factor Authentication
- Click Regenerate backup codes
- The old codes are immediately invalidated — they will no longer work
- Save your new codes in a secure location right away
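The single-use and regeneration behavior described above can be modeled as follows. This is an added sketch, not ZeroTwo's implementation: the class name, the code count (10), the code format and the use of SHA-256 hashes for storage are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"  # assumed alphabet, no 0/O or 1/I look-alikes


class BackupCodes:
    """Keeps only hashes of the codes; the plaintext is returned to the user once."""

    def __init__(self):
        self._hashes = set()

    @staticmethod
    def _digest(code: str) -> str:
        # Normalize so "abcde-fghjk" and "ABCDEFGHJK" are the same code.
        normalized = code.replace("-", "").strip().upper()
        return hashlib.sha256(normalized.encode()).hexdigest()

    def regenerate(self, count: int = 10) -> list:
        """Issue a fresh set. Replacing the stored set invalidates every old code."""
        codes = ["".join(secrets.choice(ALPHABET) for _ in range(10)) for _ in range(count)]
        self._hashes = {self._digest(c) for c in codes}
        return [f"{c[:5]}-{c[5:]}" for c in codes]

    def redeem(self, submitted: str) -> bool:
        """Accept a code at most once: a matching hash is removed on success."""
        candidate = self._digest(submitted)
        match = next((h for h in self._hashes if hmac.compare_digest(h, candidate)), None)
        if match is None:
            return False
        self._hashes.discard(match)
        return True

    def remaining(self) -> int:
        return len(self._hashes)
```

Because only hashes are kept, the codes cannot be shown again later, which is why they have to be saved at the moment they are generated.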
Logging In With 2FA
After you enable 2FA, every login requires an additional step:
- Enter your email and password as usual
- ZeroTwo presents a 2FA challenge screen
- Open your authenticator app and enter the current 6-digit code
- If you don’t have your authenticator app, click Use a backup code and enter one of your saved backup codes
Disabling 2FA
Confirm with your current code
Enter a valid 6-digit code from your authenticator app to confirm you have control of the 2FA device.
Authenticator Assurance Level (AAL)
ZeroTwo uses Authenticator Assurance Level (AAL) to track how your current session was authenticated:
| AAL Level | How it’s achieved | What it means |
|---|---|---|
| AAL1 | Password only | Standard session — authenticated with password |
| AAL2 | Password + 2FA code | High-assurance session — you’ve verified possession of your 2FA device |
Session Management
ZeroTwo tracks active sessions across all devices where you’re logged in. You can view and manage these sessions to ensure no unauthorized access exists.
Viewing Active Sessions
- Go to Settings → Security → Sessions
- See a list of all active sessions including:
- Device type and name
- Location (approximate, based on IP)
- Last active time
- Current session indicator
Ending a Specific Session
If you see a session you don’t recognize or a device you no longer use:
- In the Sessions list, find the session you want to end
- Click the logout icon or End session next to it
- That device will be logged out immediately
Logout All Devices
The Logout All Devices option revokes all active sessions across every device where you’re logged in — including your current session. Use this if:
- You’ve lost a device
- You suspect your account has been accessed without your permission
- You’re handing over a device and want to ensure your account isn’t accessible
- Go to Settings → Security
- Click Logout All Devices
- Confirm the action
- All sessions are immediately revoked — you’ll need to log in again on every device
After using Logout All Devices, you will be logged out of your current session too. You’ll be redirected to the login page.
Authentication Methods
ZeroTwo supports two ways to sign in:
| Method | Description |
|---|---|
| Email + Password | Traditional credential-based login. Works with 2FA. |
| OAuth (Google, GitHub) | Sign in with your Google or GitHub account. Fast and passwordless. |
Frequently Asked Questions
Can I use the same authenticator app across multiple accounts?
Yes. Authenticator apps are designed to manage multiple TOTP accounts. You’ll have one entry per ZeroTwo account.
What if I change phones?
Before getting a new phone, transfer your authenticator app to the new device. Most apps (Authy, 1Password, Google Authenticator) have a transfer or export feature. If you already switched phones without transferring, use a backup code to log in and then re-set up 2FA with your new device.
Does 2FA work with OAuth (Google/GitHub) login?
ZeroTwo’s 2FA applies at the ZeroTwo level. If you sign in via Google, Google handles its own MFA. ZeroTwo’s TOTP 2FA is a separate, additional layer on top of OAuth.
Can I require 2FA for my whole Business org?
Org-level 2FA enforcement may be available for Business accounts. Contact ZeroTwo support to ask about enforcing 2FA across all members in your org.
I lost my phone and backup codes. What do I do?
Contact ZeroTwo support at reed@zerotwo.ai. Account recovery without a 2FA method requires identity verification. There is no automated bypass — this is intentional to prevent unauthorized access.

