Two-Factor Authentication (2FA)
Two-factor authentication adds an extra layer of security to your account. In addition to your password, you’ll need a code from an authenticator app.
Overview
| Feature | Details |
|---|---|
| Apps | Google Authenticator, Authy, 1Password |
| Backup codes | 10 codes for emergency access |
| Code validity | 30 seconds |
| Permanent removal | Possible with password verification |
Setting Up 2FA
Step 1 — Access Settings
- Log in at coresynth.io
- Click on Profile in the top right corner
- Go to Account Settings
- Select Two-Factor Authentication
Step 2 — Install Authenticator App
Download an authenticator app:
| App | Platform | Link |
|---|---|---|
| Google Authenticator | iOS, Android | App Store / Google Play |
| Authy | iOS, Android, Desktop | authy.com |
| 1Password | iOS, Android, Desktop | 1password.com |
| Microsoft Authenticator | iOS, Android | App Store / Google Play |
Step 3 — Scan QR Code
- In 2FA settings, click Enable 2FA
- Open your authenticator app
- Scan the QR code or enter the key manually
- Enter the 6-digit code from the app to verify
- Click Confirm
Step 4 — Save Backup Codes
Critical: Save backup codes in a secure location. They are the only way to access your account if you lose your device.
- After activating 2FA, you’ll see 10 backup codes
- Download or print the codes
- Store them securely (password manager, safe)
Logging In with 2FA
After entering your password:
- Open your authenticator app
- Enter the current 6-digit code
- Code is valid for 30 seconds (timer in app)
Tip: If the code doesn’t work, verify your device time is set correctly.
Device Management
In Account Settings > Active Sessions you can see all logged-in devices:
| Column | Description |
|---|---|
| Device | Device type (iPhone, Windows, Linux) |
| Browser | Browser (Chrome, Safari, Firefox) |
| IP Address | Last IP address |
| Last Activity | Date and time |
| Action | Revoke device |
Revoking Devices
- Go to Account Settings > Active Sessions
- Find the device you want to revoke
- Click Revoke
Warning: Revoking all devices will also log you out and you’ll need to log in again.
Using Backup Codes
If you don’t have access to your authenticator app:
- On the login screen, click Use backup code
- Enter one backup code
- The code becomes invalid after use
Note: Each backup code can only be used once. After exhausting all codes, generate new ones.
Regenerating Backup Codes
- Go to Account Settings > Two-Factor Authentication
- Click Generate new backup codes
- Old codes become invalid immediately
- Save the new codes
Disabling 2FA
- Go to Account Settings > Two-Factor Authentication
- Click Disable 2FA
- Enter your password to confirm
- Enter code from app (or backup code)
- Confirm disabling
Warning: Disabling 2FA reduces account security. We recommend keeping 2FA enabled.
Troubleshooting
Lost Device with Authenticator App
Solution:
- Use a backup code to log in
- If you don’t have backup codes, contact support
- After identity verification, 2FA will be reset
Code Not Working
Causes:
- Incorrect time on device
- Wrong QR code scanned
- Expired code (30 seconds)
Solution:
- Synchronize time on your device
- Verify you’re using the correct account in the app
- Wait for a new code
Lost Backup Codes
Solution:
- If you have 2FA active, you can generate new codes in settings
- If you can’t access your account, contact support with proof of ownership
Can’t Scan QR Code
Solution:
- Click Enter key manually
- Copy the secret key (format:
XXXX-XXXX-XXXX-XXXX) - Paste into your authenticator app
Security Recommendations
- Save backup codes — without them, you’ll lose account access
- Use a password manager — to store backup codes securely
- Never share codes — never send codes to anyone
- Regularly check sessions — revoke unknown devices
- Enable 2FA everywhere — email, social media, hosting
Next Steps
- Billing & Payments — Manage your credit
- Support — Contact for issues
- Platform Overview — Getting started with CoreSynth
Need help? Open a support ticket or ask Alex.