Skip to main content

Two-Factor Authentication

Two-factor authentication (2FA) adds an extra security layer to your tagd-ai account. Even if someone learns your password, they can't access your account without the second factor.

How 2FA Works

With 2FA enabled:

  1. Enter your email and password
  2. You're prompted for a verification code
  3. Get the code from your authenticator app
  4. Enter the code to complete login

Setting Up 2FA

Requirements

  • A smartphone with an authenticator app:
    • Google Authenticator
    • Authy
    • Microsoft Authenticator
    • 1Password
    • Any TOTP-compatible app

Enable 2FA

  1. Go to AccountSecurity
  2. Click Enable Two-Factor Authentication
  3. Scan the QR code with your authenticator app
  4. Enter the verification code shown in the app
  5. Save your backup codes
  6. 2FA is now active

Step-by-Step with Google Authenticator

  1. Install Google Authenticator on your phone
  2. In tagd-ai, go to AccountSecurity
  3. Click Enable Two-Factor Authentication
  4. Open Google Authenticator
  5. Tap +Scan QR code
  6. Point camera at the QR code in tagd-ai
  7. Authenticator shows a 6-digit code
  8. Enter this code in tagd-ai
  9. Click Verify and Enable

Backup Codes

What Are Backup Codes?

Single-use codes for when you can't use your authenticator:

  • Phone lost or broken
  • App deleted
  • Can't access device

Saving Backup Codes

When you enable 2FA:

  1. tagd-ai displays 10 backup codes
  2. Download or print them immediately
  3. Store securely (not on your phone)
  4. Each code can only be used once

Using a Backup Code

  1. At 2FA prompt, click Use backup code
  2. Enter one of your backup codes
  3. Code is consumed (can't be reused)
  4. You're logged in

Regenerating Backup Codes

If you've used or lost codes:

  1. Go to AccountSecurity
  2. Click Regenerate Backup Codes
  3. Enter your 2FA code to confirm
  4. New codes are generated
  5. Old codes are invalidated

Logging In with 2FA

Normal Login

  1. Enter email and password
  2. Click Sign In
  3. 2FA prompt appears
  4. Open authenticator app
  5. Enter the 6-digit code
  6. Click Verify

Code Timing

  • Codes refresh every 30 seconds
  • Enter before the timer expires
  • If it expires, wait for the next code

Remember This Device

Optionally skip 2FA on trusted devices:

  1. Check Remember this device for 30 days
  2. 2FA won't be required on this device
  3. Other devices still require 2FA

Disabling 2FA

To turn off two-factor authentication:

  1. Go to AccountSecurity
  2. Click Disable Two-Factor Authentication
  3. Enter your password
  4. Enter a 2FA code (or backup code)
  5. Confirm disabling
warning

Disabling 2FA reduces your account security. Only disable if necessary.

Changing 2FA Method

To switch authenticator apps:

  1. Disable 2FA (above)
  2. Re-enable 2FA
  3. Scan with new authenticator app

Troubleshooting

Code Not Working

  1. Check time sync - Your phone's clock must be accurate

    • Enable automatic time on your phone
    • Try syncing time in authenticator settings

  2. Wait for new code - Use a fresh code, not expired one

  3. Check correct account - Ensure you're using tagd-ai's entry

Lost Phone

  1. Use a backup code to log in
  2. Go to AccountSecurity
  3. Disable 2FA
  4. Re-enable with new device

Authenticator App Deleted

  1. Use a backup code
  2. Disable and re-enable 2FA
  3. Set up with fresh QR code

No Backup Codes

If you can't access authenticator AND have no backup codes:

  1. Contact support@tagd-ai.com
  2. Verify your identity
  3. Support can disable 2FA after verification
  4. This may take 1-3 business days

Best Practices

Setup

  • Use a reputable authenticator app
  • Enable cloud backup in authenticator (Authy)
  • Store backup codes securely offline
  • Consider multiple 2FA methods

Maintenance

  • Check backup codes periodically
  • Update 2FA when changing phones
  • Keep authenticator app updated
  • Remove old devices from trusted list

Recovery

  • Keep backup codes in safe place
  • Don't store with your password
  • Consider giving trusted person emergency access
  • Test a backup code to ensure they work

2FA and Teams

Organization Policies

Organizations can:

  • Require 2FA for all members
  • Enforce 2FA for admin accounts
  • Set policies for trusted devices

Admin Settings

Organization admins:

  1. Go to OrganizationSecurity
  2. Toggle Require 2FA
  3. Set grace period for enabling
  4. Monitor compliance

Security Benefits

What 2FA Protects Against

  • Password theft/leaks
  • Phishing attacks
  • Brute force attempts
  • Shared password compromises

What 2FA Doesn't Protect

  • If your device is stolen and unlocked
  • Targeted attacks on your authenticator
  • Social engineering on backup codes

Next Steps