Two-factor authentication (2FA)

Extra security with two-factor authentication

Two-factor authentication (2FA) adds an extra layer of security to staff accounts by requiring an authenticator code during login.

What Is 2FA?

Two-factor authentication requires two forms of identification:

  1. Something you know (password)
  2. Something you have (authenticator app on your phone)

This means that even if a password is compromised, an attacker cannot access the account without the second factor.

Enabling 2FA

  1. Navigate to Team > Staff
  2. Select the Access & Permissions tab
  3. Find the Two-Factor Authentication card
  4. Toggle the switch on

Once enabled, all team members will be required to set up an authenticator app.

Setting Up an Authenticator App

Staff members will need an authenticator app, such as:

  • Google Authenticator
  • Microsoft Authenticator
  • Authy
  • 1Password

Setup process:

  1. Open the authenticator app
  2. Scan the QR code displayed during setup
  3. Enter the 6-digit code to verify

Using 2FA

After setup, logging in requires:

  1. Enter email and password
  2. Open the authenticator app
  3. Enter the 6-digit code

The code changes every 30 seconds for security.

Important Notes

  • 2FA is an optional security feature
  • Currently the toggle is prepared (full implementation coming soon)
  • We recommend enabling 2FA for businesses handling sensitive customer data
  • Staff members should back up their authenticator app

Troubleshooting

Lost Access to Authenticator

Contact the business owner or administrator to reset 2FA.

Code Not Working

  • Check that your phone's time is correctly synced
  • Try waiting for a new code to generate
  • Verify that you're using the correct authenticator entry

Use Case Scenarios

Scenario 1: Mandatory 2FA on owner account

The owner has full access to revenue, customer data, and settings, so 2FA is mandatory. If the password leaks, an attacker still can't get in.

Scenario 2: Optional 2FA for reception

The receptionist has limited access, so 2FA is optional. Security-conscious staff can enable it; others don't.

Scenario 3: Recovering compromised account

A stylist reports suspicious activity. The manager requires her to use 2FA. After a password change and 2FA activation, the account is secure.

Scenario 4: Audit compliance

An inspector checks data security. It can be demonstrated that the owner and manager are 2FA-protected. The audit passes.

Tips

  • Mandatory for Manager+ roles: these have the highest risk surface.
  • Authenticator app, not SMS: SMS is more vulnerable.
  • Generate backup codes: they allow recovery if the phone is lost.
  • Time sync: TOTP codes are generated from the clock, so drift causes errors.
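
The 30-second rotation and the clock-drift failure mentioned above, shown as an added example (not Bookinda's own code): a standard RFC 6238 TOTP generator and verifier. The secret, the timestamp, and the acceptance window of one step either side are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30      # seconds each code is valid for (the page's 30-second rotation)
DIGITS = 6     # code length used in the page's setup and login steps


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(key: bytes, unix_time: float) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(key, int(unix_time) // STEP)


def verify(key: bytes, code: str, server_time: float, window: int = 1):
    """Return the matching step offset (-window..window), or None on failure.

    Accepting one step either side is an assumed server policy.
    """
    current = int(server_time) // STEP
    for offset in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, current + offset), code):
            return offset
    return None


def drift_demo():
    """Verify codes from phones whose clocks run 0 s, 40 s and 120 s fast."""
    key = base64.b32decode("JBSWY3DPEHPK3PXP")  # constructed sample secret
    server_time = 1_700_000_010                   # constructed timestamp
    return {skew: verify(key, totp(key, server_time + skew), server_time)
            for skew in (0, 40, 120)}


if __name__ == "__main__":
    for skew, result in drift_demo().items():
        status = "rejected" if result is None else f"accepted (step offset {result})"
        print(f"phone clock +{skew:>3}s -> {status}")
```

A phone that is 40 seconds fast still verifies because its code falls in the next step, while one that is 120 seconds fast is four steps ahead and is rejected until its clock is resynced.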