Setting Up Two-Factor Authentication
Two-factor authentication (2FA) protects your account with a second proof of identity on top of your password, so a stolen password alone is not enough to get into your account. This guide walks you through enabling 2FA with an authenticator app, saving your backup code, and confirming everything works. For how 2FA fits into sign-in and account security overall, see Authentication.
Where It Lives
Everything below happens on your Profile page, in the Security card. In Mirox, open Profile menu ▸ Profile, then scroll to Security.
Before You Start
- Install an authenticator app on your phone (or a desktop equivalent) that generates time-based one-time passwords (TOTP) — most standard authenticator apps work.
- Have somewhere safe to store a single recovery code (a password manager, or written down and locked away).
- Setup never locks you out: 2FA only switches on after you confirm a working code, so a misconfigured app cannot leave you stranded.
Enable Two-Factor Authentication
On the Security card, the status badge shows Disabled until you turn 2FA on.
- Open your Profile and scroll to the Security card.
- Click Enable. A setup dialog opens with three steps.
- Scan the QR code. In your authenticator app, add a new account and scan the QR code shown in the dialog. If you cannot scan, copy the secret under Manual Entry and type it into the app by hand. Click Next.
- Save your backup code. The dialog shows your recovery code (see Save Your Backup Code below) — store it before continuing. Click Next.
- Verify and enable. Enter the current 6-digit code from your authenticator app and click Verify and Enable.
Once verified, the status badge flips to Enabled and shows the date 2FA was activated. From now on, every sign-in asks for a current 6-digit code after your password.
2FA Is Required at Every Login
After you enable it, signing in always prompts for your authenticator code before your session is granted. Keep your authenticator app available on a device you carry — losing access to it means falling back on your backup code.
Save Your Backup Code
When you enable 2FA you receive one single 8-character backup code. It is your way back in if you lose access to your authenticator app, so treat it like a spare key.
- Copy the code (use the copy button next to it) and store it somewhere safe and separate from your phone.
- The backup code is single-use. The moment you use it, a fresh one is issued automatically — record the new one each time.
- You only ever hold one backup code at a time. This is not a printable list of ten.
Do Not Skip This Step
If you lose your authenticator app and have no backup code, you cannot complete sign-in yourself. Store the current code before you finish setup, and update your record whenever a new one is issued.
Confirm Your App Is in Sync
After setup, you can check that your authenticator is generating valid codes without changing anything on your account.
- On the Security card, click Check 2FA.
- Enter a current code from your authenticator app.
- A success message confirms the code is valid. This is a dry run — nothing on your account changes.
Use this any time you are unsure whether your app is still in sync, for example after moving your authenticator to a new phone.
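What "in sync" means for a time-based code, as an added example that is not Mirox code: a standard TOTP generator (RFC 6238) and a dry-run check that tolerates a small clock difference. Assumptions not stated in this guide: HMAC-SHA1, a 30-second step, a base32 Manual Entry secret, and a tolerance of one step either side; the secret is the public RFC 6238 test key, and `totp` and `check_code` are illustrative names.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (assumed; the usual authenticator default)
DIGITS = 6   # the guide states 6-digit codes

# Constructed sample secret: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """Code an authenticator app would show at unix_time (RFC 6238, HMAC-SHA1)."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", int(unix_time) // step)   # 8-byte time-step counter
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)        # keep leading zeros


def check_code(secret_b32, code, server_time, window=1):
    """Dry-run check: return the step offset that matched, or None.

    window=1 accepts the previous, current and next step (an assumed tolerance).
    Nothing is stored or changed, mirroring a no-change verification.
    """
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):           # constant-time comparison
            return drift
    return None


if __name__ == "__main__":
    server_now = 1111111111                               # constructed timestamp
    slow_phone = totp(SAMPLE_SECRET, server_now - 20)     # phone clock 20 s behind
    stale_phone = totp(SAMPLE_SECRET, server_now - 300)   # phone clock 5 min behind
    print(check_code(SAMPLE_SECRET, slow_phone, server_now))   # within tolerance
    print(check_code(SAMPLE_SECRET, stale_phone, server_now))  # out of sync
```

A code that fails this kind of check while the secret is correct usually points to the phone's clock, which is why setting the device to automatic network time is the first thing to try.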
Manage Your Backup Code and 2FA
The Security card gives you three actions once 2FA is enabled:
- New Backup Codes — Issue a fresh recovery code (you confirm with a current authenticator code first). The previous backup code is invalidated immediately, so record the new one.
- Check 2FA — Run the no-change verification described above.
- Disable — Turn 2FA off. You must enter a current authenticator code to confirm. Your account reverts to password-only sign-in until you enable 2FA again.
If You Lose Your Authenticator App
If you can no longer generate codes, use your backup code on the sign-in screen.
- Sign in with your username and password as usual.
- On the two-factor screen, choose Use Backup Code and enter your 8-character code.
Backup Recovery Turns 2FA Off
Signing in with your backup code completes the login and also switches 2FA back off, so you can re-establish it cleanly. After you are in, return to the Security card and enable 2FA again with a fresh QR scan.
Best Practices
- Enable 2FA on every account with access to plant operations — it is the single biggest improvement you can make to account security.
- Store your backup code somewhere you can reach without your phone, and refresh it whenever a new one is issued.
- When you replace or reset your phone, set up the authenticator on the new device first, then run Check 2FA to confirm it works before relying on it.
- Pair 2FA with regular session reviews so you can spot and sign out any device you do not recognize.
Related Guides
- Authentication — how sign-in, 2FA, sessions, and API tokens work together
- Managing Your Sessions — review active sessions and sign out devices you no longer use
- Permission System — what your identity is allowed to reach once you are signed in