SafeVaultSafeVault
Back to Help Center
Security

Enabling Two-Factor Authentication

Add an extra layer of security to your SafeVault account by enabling two-factor authentication (2FA).

What Is Two-Factor Authentication?

Two-factor authentication (2FA) adds a second verification step when signing in. Even if someone knows your master password, they can't access your account without the second factor.

Supported 2FA Methods

SafeVault supports:

  • Authenticator app (TOTP) — Google Authenticator, Authy, or any TOTP-compatible app
  • Security keys — YubiKey and other FIDO2/WebAuthn hardware keys
  • Email verification — A code sent to your registered email (least secure, but better than nothing)

We recommend using an authenticator app or security key for the strongest protection.

Setting Up 2FA with an Authenticator App

  1. Open SafeVault and go to Settings → Security → Two-Factor Authentication
  2. Click Enable 2FA
  3. Select Authenticator App
  4. Scan the QR code with your authenticator app (Google Authenticator, Authy, etc.)
  5. Enter the 6-digit code shown in your authenticator app
  6. Click Verify and Enable

Backup Codes

After enabling 2FA, SafeVault gives you a set of backup codes. These are one-time codes you can use if you lose access to your authenticator app.

  • Download or write down the backup codes
  • Store them in a safe physical location
  • Each code can only be used once

Setting Up a Security Key

  1. Go to Settings → Security → Two-Factor Authentication
  2. Click Enable 2FA
  3. Select Security Key
  4. Insert your security key into a USB port (or hold it near your device for NFC)
  5. Touch the key when prompted
  6. Give the key a name (e.g., "YubiKey - Blue") for identification

You can register multiple security keys as backups.

Signing In with 2FA

After enabling 2FA:

  1. Enter your email and master password as usual
  2. You'll be prompted for your second factor
  3. Enter the code from your authenticator app, or touch your security key
  4. You're signed in

On trusted devices, you can choose to remember the device and skip 2FA for 30 days.

Disabling 2FA

If you need to disable 2FA:

  1. Go to Settings → Security → Two-Factor Authentication
  2. Click Disable 2FA
  3. Enter your master password to confirm
  4. 2FA is now removed from your account

Note: We strongly recommend keeping 2FA enabled at all times.

What If I Lose My Authenticator?

  1. Use one of your backup codes to sign in
  2. Go to Settings and set up a new authenticator
  3. Generate new backup codes

If you've lost both your authenticator and backup codes, contact support with your account verification details.