Two-Factor Authentication

Two-factor authentication (2FA) adds an extra layer of security to your Omnivoo account. With 2FA enabled, logging in requires both your email OTP and a code from your authenticator app, making it significantly harder for anyone else to access your account.

Why Use 2FA?

Omnivoo handles sensitive data -- payroll, tax information, bank accounts, and government IDs. Even though Omnivoo's passwordless login is already secure, 2FA provides additional protection:

  • If your email is compromised, an attacker still cannot log in without your authenticator app.
  • Compliance requirements in some organizations mandate 2FA for systems handling financial data.
  • Peace of mind knowing your account has a second line of defense.

Info: 2FA is optional for all users but strongly recommended, especially for employer accounts with admin-level access.

Enabling 2FA

  1. Log in to your Omnivoo account.
  2. Click your avatar at the top of the left sidebar and select Profile.
  3. On the My Profile page, expand the Security section.
  4. In the Two-Factor Authentication section, click Enable Two-Factor Authentication.
  5. A QR code is displayed on screen.
  6. Open your authenticator app (Google Authenticator, Authy, Microsoft Authenticator, or any TOTP-compatible app) and scan the QR code.
  7. Your authenticator app generates a 6-digit code that refreshes every 30 seconds.
  8. Enter the current 6-digit code from your authenticator app into the verification field.
  9. Click Verify & Enable. This button stays disabled until you have entered a complete 6-digit code.

Once verified, 2FA is active on your account and your recovery codes are shown. From then on, the Two-Factor Authentication section shows an Enabled badge and the date it was enabled, along with buttons to Regenerate Recovery Codes and Disable Two-Factor Authentication.

Tip: If you cannot scan the QR code, use the secret key shown on the same screen under "Or enter this secret key manually" -- type it into your authenticator app instead.

Recovery Codes

After enabling 2FA, Omnivoo generates a set of one-time recovery codes. These codes are your backup if you lose access to your authenticator app.

What recovery codes are

  • Each code can be used exactly once as a substitute for your authenticator code during login.
  • A set of 8 codes is generated at a time.
  • Once a code is used, it is permanently consumed and cannot be reused.

Saving your recovery codes

  1. After enabling 2FA, your recovery codes appear on screen in a grid, each formatted as XXXX-XXXX. They are shown only once.
  2. Click Download codes to save them as a text file named omnivoo-recovery-codes.txt.
  3. Store them in a secure location -- a password manager, a locked file, or printed and stored physically.
  4. When you have saved them, click I've saved my codes to dismiss the panel.

Warning: If you lose both your authenticator app and your recovery codes, you will need to contact Omnivoo support to regain access to your account. This process requires identity verification and may take time. Save your recovery codes securely.

Regenerating recovery codes

If you have used several recovery codes or suspect they have been compromised:

  1. Go to My Profile > Security > Two-Factor Authentication.
  2. Click Regenerate Recovery Codes.
  3. Enter your current authenticator code and click Regenerate. The Regenerate button stays disabled until you have entered all 6 digits.
  4. A new set of codes is generated. Your old codes are immediately invalidated.
  5. Click Download codes and store them securely.

Logging In with 2FA

Once 2FA is enabled, the email-code login flow adds one step:

  1. Enter your email on the login page.
  2. Enter the 6-digit OTP sent to your email.
  3. Enter your authenticator code -- open your authenticator app and type the current 6-digit code.
  4. You are logged in.

The authenticator step follows the email-code path. If you sign in with Google instead, Omnivoo logs you in directly and does not prompt for an authenticator code.

Using a recovery code instead

If you do not have access to your authenticator app:

  1. On the 2FA verification screen, click "lost your device? use a recovery code".
  2. The screen switches to a single text field (example format a1b2-c3d4, and the dashes are optional). A helper line reads "Each code works once. Keep the rest somewhere safe." Enter one of your unused recovery codes.
  3. Click Verify. You are logged in.

Tip: After using a recovery code to log in, set up your authenticator app again as soon as possible. Each recovery code can only be used once, and you have a limited number of them.
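
The rules described above for recovery codes (a set of 8, XXXX-XXXX format, optional dashes at login, single use, old set invalidated on regeneration) can be modelled as follows. This is an added illustration, not Omnivoo's code; the alphabet, case-insensitive matching, the keyed hash and the `RecoveryCodes` class are all assumptions.

```python
import hashlib
import hmac
import secrets

ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyz"   # assumed code alphabet
PEPPER = secrets.token_bytes(32)                    # assumed server-side key

def normalize(code: str) -> str:
    """Dashes are optional at login, so compare on the bare characters."""
    return code.strip().replace("-", "").lower()    # case folding is an assumption

def fingerprint(code: str) -> str:
    """Keyed hash, so the stored values do not reveal the codes themselves."""
    return hmac.new(PEPPER, normalize(code).encode(), hashlib.sha256).hexdigest()

class RecoveryCodes:
    """Hypothetical per-user store of unused recovery-code fingerprints."""

    def __init__(self):
        self._unused = set()

    def regenerate(self, count: int = 8) -> list:
        """Issue a fresh set; replacing the stored set invalidates every old code."""
        codes = set()
        while len(codes) < count:
            raw = "".join(secrets.choice(ALPHABET) for _ in range(8))
            codes.add(f"{raw[:4]}-{raw[4:]}")
        self._unused = {fingerprint(c) for c in codes}
        return sorted(codes)          # shown to the user once, never stored in clear

    def redeem(self, submitted: str) -> bool:
        """Accept an unused code exactly once."""
        candidate = fingerprint(submitted)
        match = next((f for f in self._unused
                      if hmac.compare_digest(f, candidate)), None)
        if match is None:
            return False
        self._unused.remove(match)    # consumed permanently
        return True

    def remaining(self) -> int:
        return len(self._unused)
```
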

Disabling 2FA

If you need to turn off two-factor authentication:

  1. Go to My Profile > Security > Two-Factor Authentication.
  2. Click Disable Two-Factor Authentication.
  3. Enter your current authenticator code and click Confirm Disable. The Confirm Disable button stays disabled until you have entered all 6 digits.
  4. 2FA is removed from your account.

After disabling, you will only need your email OTP (or Google sign-in) to log in. Your recovery codes are invalidated.

Warning: Disabling 2FA reduces the security of your account. Only disable it if you have a specific reason, and consider re-enabling it once the issue is resolved.

Changing Your Authenticator App

If you are switching to a new phone or a different authenticator app:

  1. Disable Two-Factor Authentication on your Omnivoo account (requires your current authenticator code).
  2. Set up the new authenticator app on your new device.
  3. Re-enable 2FA and scan the new QR code with your new app.
  4. Save your new set of recovery codes.

Frequently Asked Questions

Can I use any authenticator app? Yes. Any app that supports TOTP (Time-based One-Time Passwords) works. Popular options include Google Authenticator, Authy, Microsoft Authenticator, and 1Password.

What if my phone's time is wrong? TOTP codes depend on accurate time. If your codes are not being accepted, check that your phone's clock is set to automatic (synced with network time).
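
Why the clock matters, as an added example (not Omnivoo's code): a standard RFC 6238 TOTP computation with the 6 digits and 30-second period described on this page. HMAC-SHA1, the Base32 secret encoding and the one-step tolerance in `verify` are assumptions based on common authenticator defaults, and the secret is the public RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

# RFC 6238 test key in the Base32 form authenticator apps accept (not a real secret).
SECRET = base64.b32decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, period: int = 30) -> str:
    """The code an app shows: HOTP keyed on the number of 30-second steps."""
    return hotp(secret, unix_time // period)

def verify(secret: bytes, code: str, server_time: int,
           window: int = 1, period: int = 30):
    """Return the matching step offset (0 = clocks agree), or None if rejected."""
    step = server_time // period
    # Try the current step first, then neighbours (tolerance is an assumption).
    for drift in sorted(range(-window, window + 1), key=lambda d: (abs(d), -d)):
        if step + drift >= 0 and hmac.compare_digest(hotp(secret, step + drift), code):
            return drift
    return None

if __name__ == "__main__":
    server_now = 1111111109                      # constructed server clock
    for skew in (0, 20, -300):                   # phone clock error in seconds
        code = totp(SECRET, server_now + skew)
        result = verify(SECRET, code, server_now)
        print(f"phone skew {skew:+5d}s  code {code}  ->  {result}")
```

A phone that is 20 seconds fast has already moved into the next 30-second step, so a verifier with no tolerance rejects its code; a phone that is minutes off falls outside any small window, which is why syncing the clock fixes rejected codes.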

Is 2FA required? 2FA is optional and is enabled per user from your own My Profile page. There is no organization-wide setting that forces 2FA on your team. (Companies that want centrally enforced sign-in can require Single Sign-On instead.)