Securing your account with 2FA
Two-factor authentication (2FA) adds a second step to your login, so that knowing your password is not enough to get into your account. It is off by default, and you can turn it on whenever you like.
Turn it on
Go to Dashboard → Profile and find the two-factor authentication section.
- Choose Set Up Authenticator.
- Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password, or similar), or type in the secret it shows you by hand.
- Enter the 6-digit code from your app to confirm. 2FA is not active until you do this step.
That is it. Your account now asks for a code at login.
How login works once it is on
After you enter your password (or sign in with Google or Facebook), BladeOS asks for the current 6-digit code from your authenticator app. Enter it and you are in. The code changes every 30 seconds, so it cannot be reused.
If you lose your authenticator
You are not locked out. BladeOS tries your options in order: your authenticator app first, then a one-time code by text message if you have a phone number on file, and finally a code by email. So keep a recovery method up to date in your profile.
Turning it off
You can remove your authenticator and switch 2FA off at any time from the same place in Dashboard → Profile. We do recommend keeping it on, it is the single best protection for your account.
Good to know
- Available to everyone, both bladesmiths and customers.
- Works with both email/password login and social login (Google, Facebook).
- Each code is time-based and only valid briefly, so screenshots of old codes will not work.
Connecting Google or Facebook
Under Account → Security you will find a Linked accounts card. Connect a Google or Facebook account there and you can sign in with one tap next time, no password needed. You can remove a connected account from the same place at any time. The one exception: if a social account is your only way to sign in, set a password first so you are never locked out.