Two-Factor Authentication (2FA)

Two-factor authentication adds a second layer of security beyond your password, significantly reducing the risk of unauthorized access.

Why Enable 2FA?

Even with a strong password, your account can be compromised through:

Password reuse from other breached sites
Phishing attacks
Keyloggers or malware
Shoulder surfing

With 2FA enabled, attackers need both your password AND physical access to your authenticator device.

Supported Methods

TOTP (Time-based One-Time Password)

Sealmetrics uses TOTP, the industry standard for 2FA:

6-digit codes that change every 30 seconds
Works offline (no SMS needed)
Compatible with all major authenticator apps

Compatible Apps

App	Platform	Notes
Google Authenticator	iOS, Android	Simple, widely used
Authy	iOS, Android, Desktop	Cloud backup, multi-device
1Password	All platforms	Integrated with password manager
Microsoft Authenticator	iOS, Android	Good for Microsoft ecosystems
Bitwarden	All platforms	Open source

Enabling 2FA

Step 1: Access Security Settings

Click your profile icon in the top right
Select Settings → Security
Find Two-Factor Authentication

Step 2: Start Setup

Two-Factor Authentication
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Status: Not enabled

Two-factor authentication adds an extra layer
of security by requiring a code from your
phone in addition to your password.

[Enable 2FA]

Step 3: Scan QR Code

Set Up Two-Factor Authentication
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Step 1: Scan this QR code with your authenticator app

    ┌─────────────────────┐
    │  ▄▄▄▄▄ ▄▄▄ ▄▄▄▄▄   │
    │  █   █ ▀▀▀ █   █   │
    │  █▄▄▄█ ▄▄▄ █▄▄▄█   │
    │  ▄▄▄▄▄ █▀█ ▄▄▄▄▄   │
    │  █   █ ▀▀▀ █   █   │
    │  █▄▄▄█     █▄▄▄█   │
    └─────────────────────┘

Can't scan? Enter this code manually:
XXXX-XXXX-XXXX-XXXX (your unique secret)

Step 2: Enter the 6-digit code from your app

[______]

[Verify and Enable]

Step 4: Save Backup Codes

Save Your Backup Codes
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

⚠️ IMPORTANT: Save these codes somewhere safe!

If you lose access to your authenticator app,
you can use these backup codes to sign in.
Each code can only be used once.

┌─────────────────────────────────────────┐
│  abc12-def34                            │
│  ghi56-jkl78                            │
│  mno90-pqr12                            │
│  stu34-vwx56                            │
│  yza78-bcd90                            │
│  efg12-hij34                            │
│  klm56-nop78                            │
│  qrs90-tuv12                            │
│  wxy34-zab56                            │
│  cde78-fgh90                            │
└─────────────────────────────────────────┘

[Download Codes] [Copy to Clipboard]

☑ I have saved my backup codes

[Complete Setup]

Step 5: Confirm Enabled

Two-Factor Authentication
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Status: ✅ Enabled

Enabled on: January 15, 2024
Last used: Never

Backup codes remaining: 10 of 10

[View Backup Codes] [Disable 2FA]

Signing In with 2FA

After entering your email and password:

Two-Factor Authentication
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Enter the 6-digit code from your authenticator app

[______]

[Verify]

Having trouble?
→ Use a backup code instead

Using Backup Codes

If you can't access your authenticator:

Click Use a backup code instead
Enter one of your saved backup codes
Sign in successfully
Code is marked as used

Use Backup Code
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Enter one of your backup codes:

[____________]

[Verify]

Note: Each backup code can only be used once.
After signing in, generate new codes if running low.

Managing 2FA

View Backup Codes

See remaining codes:

Backup Codes
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Remaining: 8 of 10 codes

Used codes:
  • abc12-def34 (used Jan 10)
  • ghi56-jkl78 (used Jan 12)

[Regenerate All Codes]

Warning: Regenerating will invalidate all
existing codes, including unused ones.

Regenerate Codes

When running low on backup codes:

Go to Settings → Security → 2FA
Click Regenerate All Codes
Enter your current 2FA code to confirm
Save new codes securely

Change Authenticator App

To switch to a different authenticator:

Disable 2FA (requires current code)
Re-enable with new app
Scan new QR code
Save new backup codes

Disable 2FA

Disable Two-Factor Authentication
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

⚠️ This will make your account less secure.

Enter your current 2FA code to confirm:

[______]

[Disable 2FA]

Lost Access to Authenticator

If You Have Backup Codes

Sign in with backup code
Go to Settings → Security
Disable 2FA
Re-enable with new device

If You Don't Have Backup Codes

Contact support for account recovery:

Email security@sealmetrics.com
Provide:
- Account email
- Proof of identity (ID document)
- Recent activity details you remember
Support will verify and assist

warning

Account recovery without backup codes takes 2-5 business days for security verification.

2FA for Teams

Requiring 2FA (Growth Plan)

Admins can enforce 2FA for all team members:

Security Policy
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

☑ Require 2FA for all users

Users without 2FA:
  • mike@company.com (invited to set up)
  • guest@agency.com (invited to set up)

Grace period: [7] days

After grace period, users without 2FA
will be unable to access the account.

Monitoring 2FA Adoption

Team Security Status
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

2FA Enabled: 4 of 5 users (80%)

User                    2FA Status    Last Login
─────────────────────────────────────────────────
admin@company.com       ✅ Enabled    Today
sarah@company.com       ✅ Enabled    Today
mike@company.com        ⚠️ Pending    Yesterday
john@company.com        ✅ Enabled    3 days ago
guest@agency.com        ❌ Not set    1 week ago

Security Best Practices

Do

✅ Use a reputable authenticator app
✅ Save backup codes in a secure location (password manager, safe)
✅ Keep backup codes separate from your password
✅ Regenerate codes after using some

Don't

❌ Store backup codes in plaintext on your computer
❌ Share your authenticator with others
❌ Screenshot your QR code
❌ Disable 2FA without good reason

Troubleshooting

"Invalid Code" Error

Check your device time is accurate (TOTP is time-based)
Ensure you're entering code for Sealmetrics (not another service)
Wait for new code (codes change every 30 seconds)
Try using a backup code

Authenticator Shows Wrong Time

TOTP requires accurate time:

iPhone: Settings → General → Date & Time → Set Automatically

Android: Settings → Date & Time → Automatic date & time

Syncing Issues with Authy

Open Authy settings
Tap "Sync" to refresh
Try code again

Backup Codes - Managing your recovery codes
Session Management - View and manage active sessions
IP Allowlist - Restrict access by IP address

Why Enable 2FA?​

Supported Methods​

TOTP (Time-based One-Time Password)​

Compatible Apps​

Enabling 2FA​

Step 1: Access Security Settings​

Step 2: Start Setup​

Step 3: Scan QR Code​

Step 4: Save Backup Codes​

Step 5: Confirm Enabled​

Signing In with 2FA​

Using Backup Codes​

Managing 2FA​

View Backup Codes​

Regenerate Codes​

Change Authenticator App​

Disable 2FA​

Lost Access to Authenticator​

If You Have Backup Codes​

If You Don't Have Backup Codes​

2FA for Teams​

Requiring 2FA (Growth Plan)​

Monitoring 2FA Adoption​

Security Best Practices​

Do​

Don't​

Troubleshooting​

"Invalid Code" Error​

Authenticator Shows Wrong Time​

Syncing Issues with Authy​

Related​