2FA

Profitsla provides robust Two-Factor Authentication using Time-based One-Time Passwords (TOTP) to enhance account security. This guide covers the complete 2FA setup and management process.

What is 2FA?

Two-Factor Authentication adds an extra layer of security to your account by requiring:

  1. Something you know: Your password

  2. Something you have: Your mobile device with an authenticator app

Profitsla uses the TOTP (Time-based One-Time Password) standard, which is compatible with popular authenticator apps such as:

  • Google Authenticator

  • Authy

  • Microsoft Authenticator

  • 1Password

Security Features

Secret Key Security

  • Encryption: TOTP keys are encrypted before database storage

  • Unique Keys: Each user gets a unique 160-bit secret

  • Secure Generation: Cryptographically secure random generation

Validation Security

  • Time Window: 30-second TOTP validity window

  • Replay Protection: Each code can only be used once

  • Rate Limiting: Failed TOTP attempts count toward login limits
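
The secret and validation properties listed above, as an added Python sketch (not Profitsla's own code). It follows RFC 6238 with HMAC-SHA1; the 6-digit code length and the TotpVerifier class and its status strings are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, struct

STEP = 30     # seconds per time step (the validity window stated above)
DIGITS = 6    # assumption: the page does not state the code length

def new_secret() -> bytes:
    """Unique 160-bit secret from the OS CSPRNG."""
    return secrets.token_bytes(20)

def to_base32(secret: bytes) -> str:
    """Base32 form that authenticator apps take for manual entry."""
    return base64.b32encode(secret).decode()

def totp(secret: bytes, counter: int) -> str:
    """RFC 6238 code for one time step (HMAC-SHA1, RFC 4226 truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class TotpVerifier:
    """Hypothetical per-user verifier: current step only, one use per code."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1    # highest time step already accepted

    def _matches(self, code: str, counter: int) -> bool:
        # Constant-time comparison avoids leaking how many digits matched.
        return hmac.compare_digest(totp(self.secret, counter).encode(), code.encode())

    def verify(self, code: str, now: float) -> str:
        counter = int(now) // STEP
        if self._matches(code, counter):
            if counter <= self.last_counter:
                return "replayed"     # this step's code was already consumed
            self.last_counter = counter
            return "ok"
        if self._matches(code, counter - 1):
            return "expired"          # valid for the previous step only
        return "invalid"              # caller counts this toward login limits
```

In a real service the last accepted time step has to be stored with the user record, so that replay protection survives restarts and holds across multiple servers.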

Recovery Options

  • Disable via Support: Contact support to disable 2FA if your device is lost

  • Account Verification: Strict identity verification required for 2FA reset

Troubleshooting 2FA

Common Issues

| Issue | Cause | Solution |
|---|---|---|
| "Invalid OTP" | Wrong code or time sync issue | Check device time sync, try new code |
| "TOTP not enabled" | 2FA not activated | Complete 2FA activation first |
| "TOTP already enabled" | 2FA already active | Use existing setup or disable first |
| "OTP expired" | Code used after 30-second window | Generate new code |

Time Synchronization

TOTP codes are time-sensitive. Ensure your device clock is synchronized:

  • Android: Settings > Date & Time > Automatic

  • iOS: Settings > General > Date & Time > Set Automatically

Lost Device Recovery

If you lose access to your authenticator device:

  1. Contact Profitsla support

  2. Provide account verification information

  3. Support will disable 2FA after verification

  4. Set up 2FA again with new device

Best Practices

For Users

  1. Backup Codes: Save the secret key securely as a backup

  2. Multiple Devices: Add the same account to multiple authenticator apps

  3. Regular Testing: Periodically test your 2FA setup

  4. Secure Storage: Keep backup codes in a secure location

For Security

  1. Enable Immediately: Set up 2FA as soon as possible after registration

  2. Don't Share: Never share TOTP codes or secret keys

  3. Device Security: Keep your authenticator device secure

  4. Regular Updates: Keep authenticator apps updated

Ready to manage your password? Continue to Password Management.
