Setting up two-factor authentication

Two-factor authentication (often shortened to 2FA) adds a second step when you sign in: after your password, you also type a 6-digit code from an app on your phone. The code changes every 30 seconds, so it can't be reused if it leaks.

This means a stolen password alone is no longer enough for someone to get into your account.

What you'll need

• An authenticator app on your phone. Any of these work:
  • Google Authenticator (free, iOS & Android)
  • Microsoft Authenticator (free, iOS & Android)
  • 1Password, Bitwarden, Authy (often built into a password manager)
• A few minutes of uninterrupted attention.

Steps

1. Start setup on AppSync

Go to Profile, scroll to Two-factor authentication, type your password, and click Enable two-factor authentication.

2. Scan the QR code

You'll see a QR code (the chequered square). In your authenticator app, choose Add account (or the + button) and Scan QR code. Point your phone's camera at the screen. Your app will add an entry called something like AppSync (your username).

Can't scan? Click Can't scan? Enter the secret manually. to reveal the secret string and type it into your authenticator app instead.

3. Confirm the code

Your authenticator app now shows a 6-digit number that changes every 30 seconds. Type the current code into the Verification code box on AppSync and click Confirm.

If you mistype, you'll have a chance to try again with the same QR code.

4. Save your recovery codes

After confirming, AppSync shows you ten recovery codes. Each one works exactly once and only if you can't access your authenticator app (e.g. lost phone). Save them somewhere safe:

• Print them and put them in a drawer.
• Save them in your password manager.
• Store them in a secure note.

We will never show these codes again. If you lose them, you can regenerate a new set from your Profile — but make sure you still have access to your authenticator first.

From now on, when signing in

After you type your password, AppSync will ask for the 6-digit code. Open your authenticator app, find the AppSync entry, and type whatever number is showing right now.

Troubleshooting

• "Code did not verify" — The most common cause is your phone's clock being slightly off. Authenticator codes are time-based; even a 30-second drift can break them. Make sure your phone is set to automatic time.
• Lost your phone — Use one of the recovery codes you saved. After signing in, go to your Profile and either disable 2FA or set it up again on a new device.
• Lost your phone and your recovery codes — Contact an administrator. They can disable 2FA on your account so you can sign in and re-enable it.

Other help pages

• Login help
• Dashboard help
• Profile help
• Registration help