Two-Factor Authentication (2FA)
Two-factor authentication adds a second layer of security beyond your password, significantly reducing the risk of unauthorized access.
Why Enable 2FA?
Even with a strong password, your account can be compromised through:
- Password reuse from other breached sites
- Phishing attacks
- Keyloggers or malware
- Shoulder surfing
With 2FA enabled, attackers need both your password AND physical access to your authenticator device.
Supported Methods
TOTP (Time-based One-Time Password)
Sealmetrics uses TOTP, the industry standard for 2FA:
- 6-digit codes that change every 30 seconds
- Works offline (no SMS needed)
- Compatible with all major authenticator apps
Compatible Apps
| App | Platform | Notes |
|---|---|---|
| Google Authenticator | iOS, Android | Simple, widely used |
| Authy | iOS, Android, Desktop | Cloud backup, multi-device |
| 1Password | All platforms | Integrated with password manager |
| Microsoft Authenticator | iOS, Android | Good for Microsoft ecosystems |
| Bitwarden | All platforms | Open source |
Enabling 2FA
Step 1: Access Security Settings
- In the sidebar, go to My Account → Security
- Find the Two-Factor Authentication section
Step 2: Start Setup
Click Enable 2FA. You'll be asked to enter your current password to begin setup.
Two-Factor Authentication
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Status: Not enabled
Two-factor authentication adds an extra layer
of security by requiring a code from your
phone in addition to your password.
[Enable 2FA]
Step 3: Scan QR Code and Save Backup Codes
Set Up Two-Factor Authentication
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Step 1: Scan this QR code with your authenticator app
┌─────────────────────┐
│ ▄▄▄▄▄ ▄▄▄ ▄▄▄▄▄ │
│ █ █ ▀▀▀ █ █ │
│ █▄▄▄█ ▄▄▄ █▄▄▄█ │
│ ▄▄▄▄▄ █▀█ ▄▄▄▄▄ │
│ █ █ ▀▀▀ █ █ │
│ █▄▄▄█ █▄▄▄█ │
└─────────────────────┘
Can't scan? Enter this code manually:
XXXX-XXXX-XXXX-XXXX (your unique secret)
On the same screen, Sealmetrics shows your 10 backup codes. Save them somewhere safe before continuing — you'll use them to sign in if you lose your authenticator device. Each code can be used once.
Backup Codes
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚠️ Save these codes somewhere safe!
┌─────────────────────────────────────────┐
│ abc12-def34 ghi56-jkl78 │
│ mno90-pqr12 stu34-vwx56 │
│ yza78-bcd90 efg12-hij34 │
│ klm56-nop78 qrs90-tuv12 │
│ wxy34-zab56 cde78-fgh90 │
└─────────────────────────────────────────┘
[Copy All Codes]
[I've saved my backup codes]
Step 4: Verify the Code
Enter the 6-digit code from your authenticator app to confirm setup.
Verify Setup
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Enter the 6-digit code from your authenticator app
[______]
[Verify & Enable]
Step 5: Confirm Enabled
Two-Factor Authentication
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Status: ✅ Enabled
Enabled on: January 15, 2024
Backup codes remaining: 10 of 10
[Regenerate Codes] [Disable 2FA]
Signing In with 2FA
After entering your email and password:
Two-Factor Authentication
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Enter the 6-digit code from your authenticator app
[______]
[Verify]
Having trouble?
→ Use a backup code instead
Using Backup Codes
If you can't access your authenticator:
- Click Use a backup code instead
- Enter one of your saved backup codes
- Sign in successfully
- Code is marked as used
Use Backup Code
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Enter one of your backup codes:
[____________]
[Verify]
Note: Each backup code can only be used once.
After signing in, generate new codes if running low.
Managing 2FA
The Two-Factor Authentication section in My Account → Security shows your status, the number of backup codes remaining (e.g. "8 of 10 codes remaining"), and buttons to Regenerate Codes and Disable 2FA.
Backup codes are only displayed once — when you first enable 2FA and again each time you regenerate them. Sealmetrics does not let you re-view existing codes later. If you can't find them, regenerate a new set.
Regenerate Codes
When running low on backup codes:
- Go to My Account → Security
- In Two-Factor Authentication, click Regenerate Codes
- Enter your current 6-digit 2FA code to confirm
- Save the new codes securely — the old codes stop working immediately
Change Authenticator App
To switch to a different authenticator:
- Disable 2FA (requires current code)
- Re-enable with new app
- Scan new QR code
- Save new backup codes
Disable 2FA
Disabling 2FA requires both your password and a current verification code (a 6-digit code from your authenticator app, or a backup code).
Disable Two-Factor Authentication
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
⚠️ This will make your account less secure.
Password: [________________]
Verification code: [______]
(6-digit code or a backup code)
[Disable 2FA]
Lost Access to Authenticator
If You Have Backup Codes
- Sign in with backup code
- Go to My Account → Security
- Disable 2FA (requires your password and a backup code)
- Re-enable with new device
If You Don't Have Backup Codes
Contact support for account recovery:
- Email security@sealmetrics.com
- Provide:
- Account email
- Proof of identity (ID document)
- Recent activity details you remember
- Support will verify and assist
Account recovery without backup codes takes 2-5 business days for security verification.
Security Best Practices
Do
- ✅ Use a reputable authenticator app
- ✅ Save backup codes in a secure location (password manager, safe)
- ✅ Keep backup codes separate from your password
- ✅ Regenerate codes after using some
Don't
- ❌ Store backup codes in plaintext on your computer
- ❌ Share your authenticator with others
- ❌ Screenshot your QR code
- ❌ Disable 2FA without good reason
Troubleshooting
"Invalid Code" Error
- Check your device time is accurate (TOTP is time-based)
- Ensure you're entering code for Sealmetrics (not another service)
- Wait for new code (codes change every 30 seconds)
- Try using a backup code
Authenticator Shows Wrong Time
TOTP requires accurate time:
iPhone: Settings → General → Date & Time → Set Automatically
Android: Settings → Date & Time → Automatic date & time
Syncing Issues with Authy
- Open Authy settings
- Tap "Sync" to refresh
- Try code again
Related
- Backup Codes - Managing your recovery codes
- Session Management - View and manage active sessions
- IP Allowlist - Restrict access by IP address