Two-Factor Authentication

accountsecurity2famfaauthenticatorbackup codestotp

What is Two-Factor Authentication?

Two-factor authentication (2FA) adds a second step to your sign-in process. After entering your password, you also enter a short code from an authenticator app on your phone. This means even if someone learns your password, they cannot access your account without your phone.

2FA is optional. You can enable or disable it at any time from your Account Settings.

Setting Up 2FA

  1. Go to your Account page and find the Security section
  2. Click Set up two-factor authentication
  3. Install an authenticator app if you do not already have one (Google Authenticator, Authy, or 1Password all work)
  4. Scan the QR code with your authenticator app
  5. Enter the 6-digit code your app shows to verify the connection
  6. Save your backup codes somewhere safe

The setup takes about a minute.

Signing In with 2FA

After entering your email and password, you will see a second screen asking for a 6-digit code. Open your authenticator app, find the Rippily entry, and enter the current code. The code changes every 30 seconds.

If you sign in with Google, 2FA is not required. Google handles its own authentication security.

Backup Codes

When you enable 2FA, Rippily generates eight backup codes. These are your safety net if you lose access to your authenticator app (for example, if you lose your phone).

  • Each backup code can only be used once
  • You can copy or download them during setup
  • You will not be able to see them again after leaving the setup screen
  • Store them in a password manager, a secure note, or print them and keep them somewhere safe

Running Low on Backup Codes

Your Account Settings shows how many backup codes you have remaining. If you are running low, you can regenerate a new set by entering a code from your authenticator app. This replaces all previous codes.

Disabling 2FA

You can disable 2FA from the Security section on your Account page. You will need to enter a code from your authenticator app or one of your backup codes to confirm.

Disabling 2FA removes the extra security layer from your account. After disabling, anyone with your password can sign in.

Locked Out?

If you have lost your authenticator app and used all your backup codes, contact Rippily support. A platform administrator can reset your 2FA so you can sign in again and set it up fresh.

Google Sign-In and 2FA

If you sign in with Google (using the "Continue with Google" button), Rippily does not ask for a 2FA code. Google already handles authentication security on its side, so adding a second Rippily code on top would be redundant.

2FA only applies when you sign in with your email and password. If your account uses Google Sign-In exclusively and you have not set a password, the 2FA option will not appear in your settings.

Tips

  • Use a password manager like 1Password or Bitwarden to store both your password and your backup codes
  • Do not rely on screenshots of backup codes -- they can be lost if your phone breaks
  • Enable 2FA on your email too -- your email account is the recovery path for most services, including Rippily