servd

Documentation

Documentation > Your Account >

Two Factor Authentication

You can enable two factor authentication for your Servd account to ensure that nobody can gain access even if they have your email and password.

We currently support 2FA using authentication mobile apps and password managers which support one-time passwords.

Enable 2FA #

  1. Visit the User Settings page in the Servd dashboard

  2. Click the 'Enable' button in the Two Factor Authentication pane

  3. Use a mobile authenticator app or a compatible password manager to scan the QR code. Alternatively you can enter the secret key manually.

  4. Generate a new one-time password using your authenticator app and enter it into the One Time Password field.

  5. Click 'Submit' and you're done! The next time you log in you'll need to use your authenticator app to gain access.

Recovery Codes #

As well as using the authenticator app you can also use one of several Recovery Codes to log in. These are generated once, are single use, and are displayed on your User Settings page in the Servd dashboard.

You should grab a copy of these and save them somewhere safe and secure.

Enforce 2FA #

If you would like to force all members of your team to use two factor authentication, navigate to the "Enforce Two Factor Authentication" section in your Team Settings page and then flip the switch to enable it.

If your user account doesn't currently have 2FA set up, then enabling this setting will immediately block you from accessing your team.

2FA Session Length #

In order to keep your account secure, the Servd Dashboard only retains your 2FA logged in state for 24 hours after your last period of activity. After that you'll need to enter a new authentication code to regain access.

Enforced 2FA Session Length

If you would like to change the default session length, then first enable the "Enforce Two Factor Authentication" setting as described above, then update the "Enforce Session Length" field to the number of minutes you would like to 2FA sessions to last for.

In the interest of security, if your user account belongs to multiple teams, then the lowest enforced session length will be applied.