Two-factor authentication (2FA)

Riskrunner supports time-based one-time password (TOTP) two-factor authentication for password-based accounts.

When enabled, users must enter:

  1. Their password, and

  2. A 6-digit code from their authenticator app (or a backup code)

This adds an extra layer of protection if a password is compromised.

Note

Users who sign in through Single Sign-On (SSO) manage multi-factor authentication through their identity provider. 2FA setup in Riskrunner is not required for those users.

Enable 2FA

  1. Open your Profile page.

  2. In Two-factor authentication, click Enable 2FA.

Profile page showing 2FA disabled and Enable 2FA button

  3. Enter your account password to begin setup.

Enable 2FA modal asking for account password

  4. Scan the QR code with your authenticator app (or copy the manual setup secret). You can use any standard TOTP app (e.g. Bitwarden, Proton Pass, Microsoft Authenticator, Google Authenticator, 1Password, Authy).

2FA setup screen with QR code and manual setup key

  5. Save your backup codes in a secure location.

2FA setup screen showing backup codes and confirmation checkbox

Important

If you lose access to your authenticator app, backup codes are the only alternative 2FA method for getting into your account.

  6. Enter the current 6-digit code from your authenticator app.

  7. Click Verify & Enable.

2FA setup verification screen with authenticator code input

After successful verification, your account shows Enabled and 2FA is required at login.

Profile page showing 2FA enabled with management actions

Sign in with 2FA

After entering email and password, Riskrunner prompts for a second factor:

  • Enter the 6-digit authenticator code, or

  • Select Use a backup code and enter one backup code.

Login challenge asking for authenticator or backup code

Backup codes are single-use. After a backup code is used, it cannot be reused.

Regenerate backup codes

If you need a new set of backup codes:

  1. Go to Profile > Two-factor authentication.

  2. Click Regenerate backup codes.

  3. Enter an authenticator code.

  4. Save the new codes securely.

Regenerate backup codes modal requesting authenticator code

Important

Regenerating backup codes invalidates all previously issued backup codes.

Disable 2FA

  1. Go to Profile > Two-factor authentication.

  2. Click Disable.

  3. Enter your password and an authenticator code.

  4. Confirm the disable action.

Disable 2FA modal requesting password and authentication code

After disabling, sign-in returns to password-only authentication.

Troubleshooting

Invalid authentication code

  • Ensure your device time is set automatically.

  • Wait for the next code interval and retry.

  • Confirm you are using the correct authenticator account entry.
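
Why device time matters, shown as an added example (not Riskrunner's code): a standard RFC 6238 TOTP computation and a server-side check that tolerates a small clock difference. The 30-second step, HMAC-SHA1, and the one-step tolerance window are assumptions based on common authenticator defaults, and the secret is the RFC 6238 test value, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code interval (assumed RFC 6238 default)
DIGITS = 6   # code length, as stated on this page


def totp(secret_b32: str, unix_time: float) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 and RFC 4226 dynamic truncation."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, server_time: float, window: int = 1):
    """Return the matching step offset (0 first, then -1, +1, ...) or None.

    `window` is a hypothetical tolerance: how many intervals either side of
    the server's own clock are still accepted.
    """
    for drift in sorted(range(-window, window + 1), key=abs):
        expected = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):   # constant-time comparison
            return drift
    return None


# Constructed sample values taken from the RFC 6238 test vectors.
SECRET = base64.b32encode(b"12345678901234567890").decode()
SERVER_NOW = 1111111109

if __name__ == "__main__":
    for skew in (0, 25, 120):   # seconds the device clock runs ahead
        code = totp(SECRET, SERVER_NOW + skew)
        result = verify(SECRET, code, SERVER_NOW)
        status = "rejected" if result is None else f"accepted (step offset {result})"
        print(f"device clock +{skew:>3}s -> code {code}: {status}")
```

A device a few seconds off lands in a neighbouring interval and can still be accepted, while a clock that is minutes off produces a code from an interval outside the window.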

Lost authenticator device

Use one of your saved backup codes to sign in, then set up 2FA again from Profile settings.

No backup codes available

If you are already signed in, regenerate backup codes immediately from Profile > Two-factor authentication. If you are locked out and have no backup codes, contact your workspace administrator for account recovery support.