Two-Factor Authentication

Two-factor authentication (2FA) adds a second step to sign-in: after your password, you enter a 6-digit code from an authenticator app. Even if your password leaks, your account stays protected.

Enrolling an authenticator

1. Go to Settings → Security in your dashboard.
2. Under two-factor authentication, choose to enroll a factor.
3. Scan the QR code with an authenticator app — Google Authenticator, 1Password, Authy, Microsoft Authenticator, or any TOTP-compatible app.
4. Enter the current 6-digit code to confirm the app is in sync.
5. Give the factor a friendly name (e.g. "Work phone") so you can recognize it later.

Once enrolled, the factor is listed with its name and the date it was added. You can unenroll it from the same screen.

Signing in with 2FA

After you enter your password, NemoRouter prompts for the current 6-digit code from your authenticator. Enter it to complete sign-in. Codes rotate every 30 seconds, so use the latest one shown in your app.

Organization-wide enforcement

Owners and admins can require every member of the organization to enroll 2FA. When that's on, members are sent to enroll before they can reach the dashboard. This setting lives in your team/security configuration — see Security Settings.

Tips

• Enroll on a device you keep — losing your only authenticator means you'll need an admin or support to help you regain access.
• Use an app that backs up (1Password, Authy) so a lost phone doesn't lock you out.
• 2FA is independent of phone verification — one is an authenticator app, the other is SMS for your number.

Next steps

• Logging In — How 2FA fits into the sign-in flow
• Security Settings — Sessions, SSO, SCIM, and MFA enforcement
• Passwords & Reset — Keep your first factor strong too