Account Security

Two-factor authentication (2FA), backup codes and recommendations for protecting your account.

Updated: April 2026

Two-Factor Authentication (2FA)

Two-factor authentication is an extra layer of protection for your account. Once enabled, every login (including Google and GitHub) will require not only a password but also a 6-digit code from an authenticator app.

Any TOTP app is supported: Google Authenticator, Authy, 1Password, Microsoft Authenticator and others. The feature is available on all plans at no extra cost.


How to Enable 2FA

  1. Go to Settings → Security.
  2. Click "Enable two-factor authentication".
  3. Scan the QR code in your authenticator app.
  4. Enter the 6-digit code from the app to confirm.
  5. Save your 8 backup codes in a safe place; you will need them if you ever lose access to your phone.

After enabling 2FA every login will require a code — including logins via Google or GitHub.


Logging In with 2FA Enabled

After entering your email and password (or signing in via OAuth) the system will ask for the 6-digit code from your authenticator app.

  • The code refreshes every 30 seconds — enter the current code.
  • If you don't have your phone — click "Use a backup code" and enter one of your 8 saved codes.
  • Check "Remember this device" to skip the code for 30 days on this browser.
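
How a 6-digit, 30-second code is derived and checked, as an added illustration that is not Qwizoo's code: standard RFC 6238 TOTP, assuming HMAC-SHA1 (the default in most authenticator apps). The key is the RFC's published test key; the clock-drift window and the replay guard are assumptions, not documented Qwizoo behaviour.

```python
import base64
import hashlib
import hmac
import struct
import time

DIGITS = 6   # code length stated on this page
PERIOD = 30  # seconds each code is valid, as stated on this page

# Published RFC 6238 test key ("12345678901234567890"), base32-encoded the
# way a setup QR code carries it. Not a real account secret.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at=None):
    """Return the code for the 30-second step containing Unix time `at`."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    step = int(time.time() if at is None else at) // PERIOD
    mac = hmac.new(key, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10**DIGITS).zfill(DIGITS)


def verify(secret_b32, code, at=None, drift_steps=1, last_used_step=-1):
    """Return the matching time step, or None if the code is rejected.

    drift_steps (clock-skew tolerance) and last_used_step (replay guard)
    are assumptions for this sketch, not documented service behaviour.
    """
    current = int(time.time() if at is None else at) // PERIOD
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step <= last_used_step:
            continue  # a code already accepted must not work twice
        expected = totp(secret_b32, step * PERIOD)
        if hmac.compare_digest(expected.encode(), code.encode()):
            return step
    return None


if __name__ == "__main__":
    print(totp(RFC_TEST_SECRET, 59))  # RFC 6238 test vector, time step 1
    print(verify(RFC_TEST_SECRET, "081804", at=1111111111))
```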

Backup Codes

Backup codes are one-time codes for signing in when you don't have access to your authenticator app. 8 codes are generated when you set up 2FA.

  • Each code can only be used once — it is deleted after use.
  • Store codes in a password manager or print them and keep them somewhere safe.
  • When you're running low on codes the system will warn you in Settings. Click "Regenerate backup codes" to get a fresh set of 8 (old ones are invalidated immediately).

Never share backup codes with anyone. Qwizoo will never ask for your codes via email or support chat.


How to Disable 2FA

  1. Go to Settings → Security.
  2. Click "Disable two-factor authentication".
  3. Enter the current 6-digit code from your app to confirm.

Trusted Devices

When signing in with 2FA enabled you can mark the browser as trusted using the "Remember this device" option. For 30 days that browser will not ask for a 2FA code again.

Device trust is automatically revoked in the following cases:

  • You changed your account password.
  • You confirmed an email address change.
  • You reset your password via "Forgot password".

Security Recommendations

Strong password

Use a unique password of at least 12 characters with uppercase and lowercase letters, numbers and special characters. Password managers (1Password, Bitwarden) help store and generate passwords securely.

Don't share access

For team collaboration use the Team feature (Premium) — invite colleagues as editor or viewer. Never share your login and password with other people.

Check active sessions

If you suspect unauthorised access — change your password. This automatically ends all active sessions and invalidates trusted devices.