Set up two-factor authentication

Add a second factor (TOTP authenticator app) to your sign-in. Recommended for everyone, required for Team admins.

Two-factor authentication (2FA) means signing in needs two things: your password (something you know) and a code from an authenticator app on your phone (something you have). If someone steals your password, they still can't get in.

What you'll need

  • An authenticator app: 1Password, Authy, Google Authenticator, Duo, or any other TOTP-compatible app
  • 2 minutes

Steps

  1. Go to Settings → Security → Two-factor authentication.
  2. Click Enable 2FA.
  3. Open your authenticator app on your phone, tap "+", and scan the QR code on screen.
  4. The app shows a 6-digit code that refreshes every 30 seconds. Type the current code into Ritsu.
  5. Ritsu shows you 10 recovery codes. Each one works once, replaces a phone code, and is consumed when used. Save them somewhere safe: a password manager, a printed copy in a desk drawer. NOT in Ritsu itself, NOT only on the phone you just configured.
  6. Click Confirm.

2FA is now active. Next time you sign in, after entering your password you'll be prompted for a 6-digit code.

Signing in with 2FA

  1. Enter your email and password as usual.
  2. Open your authenticator app, find Ritsu, and type the current 6-digit code.
  3. Optionally check Trust this device for 30 days to skip 2FA on this browser.

I lost my phone

Use a recovery code:

  1. Sign-in screen → "I don't have my phone" link below the code field
  2. Type any one of your 10 recovery codes
  3. You're in. That code is now consumed.
  4. Immediately open Settings → Security → 2FA → Reset 2FA to set up a new authenticator and get fresh recovery codes.

If you've lost both phone and recovery codes: email support@ritsu.ai with proof of identity (last billing receipt, account ID, secondary email). Recovery takes 24-48 hours and requires manual verification.

Required for Team admins

Team plan administrators are required to have 2FA enabled. We enforce this on the admin role; switching a team member to admin without 2FA prompts them to set it up first.

Tips

  • Use a password manager that handles TOTP (1Password, Bitwarden) — codes auto-fill on sign-in.
  • Print your recovery codes once. Phones break. Drives die. Paper survives.
  • Don't share recovery codes. Each one is a sign-in key.
