Security & 2FA
Hexcovery user accounts sign in with an email and password, verified securely on the server. You can add a second layer of protection with two-factor authentication (2FA), and you can change your password at any time. Both are managed from your account settings and apply to your own account.
Two-factor authentication (TOTP)
Hexcovery uses TOTP (time-based one-time passwords) — the same standard supported by Google Authenticator, Authy, and similar apps. With 2FA on, signing in requires your password and a short code from your authenticator app.
Turning on 2FA
- Open your account Settings and start the 2FA setup.
- Hexcovery generates a secret and shows it as a QR code.
- Scan the QR code with your authenticator app (Google Authenticator, Authy, …). The app starts generating a new 6-digit code every 30 seconds.
- Enter the current code from the app to confirm. This proves your app is set up correctly and finishes enabling 2FA.
Once enabled, your sign-in becomes a two-step flow: enter email and password, then enter the current code from your authenticator app to complete the login.
Keep your authenticator safe
If you lose access to your authenticator app you may be locked out. Keep a backup of your authenticator (many apps support this) so you can still generate codes after replacing a device.
Turning off 2FA
You can disable 2FA from the same account settings page. With 2FA off, sign-in goes back to email and password only.
Changing your password
You can change your password from your account settings at any time. Choose a strong, unique password that you do not reuse elsewhere.
Account vs. organization
Your password and 2FA protect your account. Organization-wide settings, users, and API keys are managed separately by admins — see Organization settings and API keys.
Related
- Authentication — how sign-in and 2FA work under the hood.
- Users, teams & roles