
Two-Factor Authentication

Add an extra layer of security to your account with two-factor authentication (2FA).

What is 2FA?

Two-Factor Authentication requires two forms of verification:

  1. Something you know - Your password
  2. Something you have - A code from your authenticator app

Even if someone steals your password, they can’t access your account without the second factor.

Why Use 2FA?

  • Prevents unauthorized access - Password alone isn’t enough
  • Protects sensitive data - Client and financial information
  • Compliance - May be required by regulations
  • Peace of mind - Know your account is secure

Setting Up 2FA

Prerequisites

Install an authenticator app on your phone:

  • Google Authenticator (iOS/Android)
  • Authy (iOS/Android/Desktop)
  • Microsoft Authenticator (iOS/Android)
  • 1Password (if you use it for passwords)

Step-by-Step Setup

  1. Go to Settings > Security
  2. Find the Two-Factor Authentication section
  3. Click Enable 2FA
  4. A QR code appears on screen
  5. Open your authenticator app
  6. Tap Add Account or +
  7. Scan the QR code
  8. Enter the 6-digit code shown in the app
  9. Click Verify
  10. Save your backup codes

Backup Codes

After enabling 2FA, you’ll receive backup codes:

XXXX-XXXX-XXXX XXXX-XXXX-XXXX XXXX-XXXX-XXXX ...

Important:

  • Save these in a secure location
  • Each code can only be used once
  • Use them if you lose your phone

Logging In with 2FA

After entering your password:

  1. Open your authenticator app
  2. Find the Zettabit entry
  3. Note the current 6-digit code
  4. Enter the code before it expires (30 seconds)
  5. Click Verify

If You Lose Your Phone

Use a backup code:

  1. Enter your email and password
  2. Click Use Backup Code
  3. Enter one of your saved backup codes
  4. Login successful

Then immediately:

  1. Disable 2FA
  2. Set up 2FA again with your new device
  3. Generate new backup codes

Disabling 2FA

To turn off 2FA:

  1. Go to Settings > Security
  2. Click Disable 2FA
  3. Enter your password to confirm
  4. 2FA is now disabled

Disable 2FA only temporarily, for troubleshooting, and re-enable it afterwards to keep your account secure.

Regenerating Backup Codes

If you’ve used backup codes or think they’re compromised:

  1. Go to Settings > Security
  2. Click Regenerate Backup Codes
  3. Enter your current 2FA code
  4. New codes are generated
  5. Old codes are invalidated

Troubleshooting

“Invalid verification code”

  • Ensure you’re entering the current code (they change every 30 seconds)
  • Check your phone’s time is correct (auto-sync recommended)
  • Make sure you’re using the right account in your app

“2FA code expired”

Codes are valid for 30 seconds. Enter the new code that appears.

Phone time is wrong

Authenticator apps depend on accurate time:

  • Go to your phone’s Settings
  • Enable automatic date/time
  • Restart the authenticator app

Lost phone and no backup codes

Contact your administrator. They can temporarily disable 2FA for your account after verifying your identity.

Admin: Managing User 2FA

Administrators can:

View 2FA Status

See which users have 2FA enabled in the Users list.

Require 2FA

Enforce 2FA for all users or specific roles:

  1. Go to Settings > Security
  2. Enable Require 2FA for all users
  3. Users without 2FA must set it up on next login

Reset User 2FA

If a user is locked out:

  1. Go to Users
  2. Find the user
  3. Click Reset 2FA
  4. The user can set up 2FA again

Best Practices

  1. Always enable 2FA - Especially for admin accounts
  2. Use a secure authenticator - Avoid SMS-based 2FA when possible
  3. Store backup codes safely - Password manager or secure location
  4. Don’t share codes - They’re for your use only
  5. Update recovery options - Keep email and phone current