Two-factor authentication
Add a second verification step at sign-in using an authenticator app. Save the backup codes — we cannot recover them.
Quick answer
Two-factor auth (2FA) adds a second verification step at sign-in. If your password is leaked or guessed, the attacker still can't get in without your authenticator app.
Before you start
- An authenticator app installed on your phone — any TOTP app works: Google Authenticator, Authy, 1Password, Bitwarden, Microsoft Authenticator, etc.
- Two minutes and somewhere safe to store backup codes (a password manager is ideal; a paper note in a drawer is also fine).
Enable 2FA
Settings → Account → Security
From the dashboard, click your avatar → Settings → Account → Security.
Click Enable two-factor authentication
A QR code appears.
Scan with your authenticator app
Open your app, tap the + to add an account, and point the camera at the QR code. The app starts generating a 6-digit code that rotates every 30 seconds.
Save your backup codes
The page shows 8 one-time backup codes. Save them now — they're the only way to regain access if you lose your authenticator. Store them in a password manager or a sealed paper note. Each code works exactly once.
We can't recover backup codes
The codes only display once. We don't keep a copy. Lose the codes and the authenticator and you'll need to verify your identity through support, which takes 24–48 hours.
Confirm with a current code
Type the 6-digit code your authenticator is showing right now. Once the code is accepted, 2FA is enabled.
Sign in with 2FA enabled
Email + password as usual
Or Continue with Google.
2FA prompt
A new screen asks for the 6-digit code.
Enter the code
Open your authenticator and type the current code. Codes rotate every 30 seconds — if it's about to flip, wait for the new one rather than typing fast.
Use a backup code
If your authenticator is unavailable (lost phone, locked-out app):
- On the 2FA prompt, click Use a backup code.
- Enter one of your saved codes.
- The code is consumed — it won't work again.
After signing in this way, generate fresh backup codes from Settings → Account → Security.
Disable 2FA
Settings → Account → Security → Disable two-factor authentication. You'll need to confirm with a current code or a backup code.
We strongly recommend leaving 2FA on, but it's your account.
Common pitfalls
Codes always 'invalid'
Almost always a clock issue. TOTP codes depend on accurate time synchronization. On Android: open Google Authenticator → menu → Settings → Time correction for codes. On iOS: open Settings → General → Date & Time → enable Set automatically.
Lost both phone and backup codes
Email [email protected] from your account email. We verify identity with account details (rough signup date, payment method last 4, recent activity) and respond within 24–48 hours.
Multiple authenticator apps showing different codes
Whichever app scanned the QR code at setup is the canonical one. The others are showing codes for whatever they were set up with. Use the original.
Next steps
- Read the privacy guide for the broader security picture (encryption, third-party services, etc.).
- If you signed up with Google, your Google account's 2FA already protects sign-in to Daybreak — turning on Daybreak 2FA on top adds another layer for the rare cases of session hijack.