Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security by requiring a verification code sent to your email in addition to your password.

Overview

When 2FA is enabled:

• Login: After entering your password, you'll receive a 6-digit code via email
• Sensitive actions: Changing your password or deleting your account requires email verification

Enabling 2FA

1. Go to Settings → Security
2. Find the Two-Factor Authentication card
3. Click Enable 2FA
4. Enter the 6-digit code sent to your email
5. Click Verify & Enable

Once enabled, you'll see a green "Enabled" badge on the 2FA card.

Using 2FA During Login

1. Enter your email and password as usual
2. You'll be redirected to the verification page
3. Check your email for a verification code
4. Enter the 6-digit code
5. Click Verify to complete login

Tip: Codes expire after 5 minutes. Click "Resend Code" if needed.

Sensitive Actions

With 2FA enabled, these actions require email verification:

Action	What happens
Change Password	OTP field appears in the password form
Delete Account	OTP required before account deletion

Verifying Sensitive Actions

1. In the action form, click Send Code
2. Enter the 6-digit code from your email
3. Complete the action as normal

Disabling 2FA

1. Go to Settings → Security
2. Click Disable 2FA
3. Enter the verification code sent to your email
4. Click Verify & Disable

Warning: Disabling 2FA reduces your account security.

Troubleshooting

Not receiving verification codes?

1. Check spam/junk folder - Codes come from notifications@optivationai.com
2. Verify your email - Ensure your account email is correct in Settings
3. Wait and retry - There's a 60-second cooldown between code requests
4. Check email filters - Whitelist optivationai.com domain

Code expired?

Codes are valid for 5 minutes. Click Resend Code to get a new one.

Locked out?

If you can't access your email:

1. Contact your team administrator
2. They can disable 2FA from the admin panel
3. Or contact support at support@optivationai.com

Security Notes

• Codes are single-use - Each code can only be used once
• Rate limited - Maximum 5 OTP requests per 15 minutes
• Secure delivery - Codes are sent only to your verified email
• No SMS option - Email-only for security (SMS is vulnerable to SIM swapping)

FAQ

Q: Is 2FA required?
A: No, 2FA is optional. However, we strongly recommend enabling it.

Q: Can I use an authenticator app?
A: Currently only email-based 2FA is supported. Authenticator app support may be added in future updates.

Q: Does 2FA affect team members?
A: No, each user controls their own 2FA settings independently.

Q: What if my email is compromised?
A: If you suspect your email is compromised, contact support immediately to secure your account.