Two-Factor Authentication
Account โ Two-Factor Auth adds a second verification step to your login. After enabling, signing in requires your password plus a 6-digit code from your authenticator app.
Compatible Appsโ
Any TOTP authenticator works:
- Google Authenticator (iOS / Android)
- Authy (iOS / Android / Desktop)
- Microsoft Authenticator
- 1Password, Bitwarden, or any password manager with TOTP support
Enabling 2FAโ
Step 1 โ Generate the Secretโ
- Go to Account โ Two-Factor Auth.
- Click Setup Two-Factor Authentication.
- A QR code appears.
Step 2 โ Scan in Your Appโ
- Open your authenticator app โ Add Account โ Scan QR code.
- Scan the QR code. A LeadHub entry is added, generating a 6-digit code every 30 seconds.
Step 3 โ Verify and Enableโ
- Enter the current 6-digit code from your app.
- Click Enable Two-Factor Authentication.
- Your Recovery Codes appear โ save them now (shown once only).
Recovery Codesโ
You receive 8 one-time recovery codes. Use one when you can't access your authenticator (lost phone, new device).
Each code is valid once only. After use, it's invalidated.
To regenerate: Go to Account โ Two-Factor Auth โ click Regenerate Recovery Codes. Old codes are immediately invalidated.
Signing In with 2FAโ
- Enter email + password as normal.
- Enter the 6-digit code from your authenticator app (or a recovery code).
- Click Verify.
Disabling 2FAโ
Go to Account โ Two-Factor Auth โ click Disable Two-Factor Authentication.
If your workspace admin has enabled Enforce 2FA (under Settings โ Security), you cannot disable 2FA โ it is required for all team members.
Workspace-Wide 2FA Policyโ
Admins can require 2FA for all team members via Settings โ Security โ Enforce Two-Factor Authentication. When enabled:
- New members must set up 2FA on first login
- Existing members without 2FA are prompted before accessing the panel