Prerequisites
- A signed-in ShingleAI account with email-and-password sign-in (your password is required to enable 2FA)
- An authenticator app installed on your phone or password manager
Enable two-factor authentication
- Navigate to Settings > User > Security
- In the Two-factor authentication card, click Enable two-factor authentication
- Enter your current password to confirm
- Scan the displayed QR code with your authenticator app — or enter the secret manually if you can’t scan
- Enter the 6-digit code your app generates to verify the setup
- Save the backup codes displayed on the next screen, then click Done
Backup codes
Each backup code can be used once in place of a TOTP code. Use them when you don’t have your authenticator app handy — for example, after losing or wiping a phone. To generate a fresh set:- In the Two-factor authentication card, click Regenerate backup codes
- Enter your current password
- Save the new codes — the previous set is invalidated immediately
Sign in with two-factor authentication
When 2FA is enabled, sign-in requires two steps:- Enter your email and password
- Enter the 6-digit code from your authenticator app (or a one-time backup code)
Disable two-factor authentication
- Navigate to Settings > User > Security
- In the Two-factor authentication card, click Disable 2FA
- Enter your current password to confirm
Limitations
- Self-serve only. 2FA is per-user; ShingleAI does not yet support organization-wide 2FA enforcement
- Active sessions list not yet available. You can’t currently view or revoke individual signed-in sessions from the security settings page — clearing browser cookies or changing your password ends all sessions
Recovering a locked-out account
If you’ve lost access to both your authenticator app and your backup codes, contact support — there is no self-serve path to disable 2FA without one of those factors.Next steps
Passkeys
Sign in with biometrics or a hardware key
API keys
Programmatic access for integrations