How do I configure 2FA on my account?
Learn how to enable and manage two-factor authentication (2FA) on your GA.NU account using an authenticator app, a security key, or SMS. This guide covers setup, recovery codes, sign-in flow, and troubleshooting.
account-security2faauthentication
How do I configure 2FA on my account?
Two-factor authentication (2FA) adds an extra layer of security to your GA.NU account by requiring a second proof of identity in addition to your password. This helps protect your .ga.nu domain management from unauthorized access.
Before you start
- Make sure you can sign in to your GA.NU account with your email and password.
- Decide which 2FA method you want to use (you can add more than one):
- Authenticator app (TOTP) â recommended. Works with apps like 1Password, Google Authenticator, Microsoft Authenticator, and Authy.
- Security key (FIDO2/WebAuthn) â works with devices like YubiKey or platform passkeys on supported browsers/devices.
- SMS codes (where available) â less secure than authenticator apps or security keys; use as a backup.
- Have a safe place (preferably offline) to store recovery codes.
Enable 2FA (web)
- Sign in to your GA.NU account.
- Go to: Account > Security.
- Find "Two-Factor Authentication" and select "Enable".
- Choose your preferred method and follow the steps below.
Choose a 2FA method
Authenticator app (TOTP)
- On the 2FA setup screen, choose "Authenticator app".
- Open your authenticator app and add a new account.
- Scan the QR code shown on GA.NU (or manually enter the secret key provided).
- Your app will generate a 6-digit code that changes every 30 seconds.
- Enter the current 6-digit code on GA.NU to verify.
- Save your recovery codes when prompted.
Example of a TOTP code entry:
Enter the 6-digit code from your authenticator: 123456
Tips:
- If codes fail, ensure your phoneâs time is set to automatic and is accurate.
- Consider adding the same TOTP secret to a second device (e.g., a password manager that supports TOTP) for backup.
Security key (FIDO2/WebAuthn)
- Choose "Security key".
- When your browser prompts you, insert or activate your hardware key, or register a built-in passkey on your device.
- Follow on-screen instructions (you may be asked to touch the key, enter a PIN, or use biometrics).
- Give the key a recognizable name (e.g., "YubiKey Nano" or "Laptop Passkey").
- Save your recovery codes.
Tips:
- Register at least two keys (e.g., primary + backup) to avoid lockouts.
- Keep one key stored securely at home.
SMS codes (where available)
- Choose "SMS" and verify your phone number.
- Enter the 6-digit code sent via text to confirm.
- Save your recovery codes.
Notes:
- SMS is convenient but more vulnerable than authenticator apps or hardware keys. Prefer TOTP or security keys.
- Availability may vary by region and carrier.
Save your recovery codes (important)
After enabling 2FA, GA.NU will show one-time recovery codes. Use these only if you lose access to your second factor.
- Download as a .txt file or print the codes.
- Store them offline in a secure place (e.g., a safe).
- Do not keep them in email or cloud notes without encryption.
Example recovery codes:
GA.NU Recovery Codes
Use each code once. Keep offline.
7KXJ-9M2C-HT8P
P4QR-V6ND-2WYA
MZ3F-Q8LJ-7KSV
H2BD-PR9X-4EJT
C7NL-X9TA-5WQY
24JH-KP6M-XQ8D
VY5E-R3TL-9GPN
QN8K-6MDY-2JZH
WX4C-7BRT-P9LA
TD6Q-MX3N-8VJS
What to expect when signing in
- Enter your email and password as usual.
- Youâll be prompted for your second factor:
- Authenticator app: enter the current 6-digit code.
- Security key: follow the browser prompt (touch key, PIN, biometrics).
- SMS: enter the code you received by text.
- If offered, you may choose "Trust this device" to reduce prompts for a limited time. Only trust personal devices.
Manage, add, or disable 2FA
- Go to Account > Security > Two-Factor Authentication.
- You can:
- Add additional methods (e.g., a backup security key or a second authenticator app).
- Rename or remove registered security keys.
- Regenerate recovery codes (this invalidates old codes).
- Temporarily disable 2FA (requires a current 2FA code or a recovery code).
Best practices:
- Keep at least two second-factor methods (e.g., authenticator + backup key).
- Update your recovery codes if you suspect they were exposed.
- Review trusted devices and sign-outs periodically.
Troubleshooting
- My authenticator codes donât work:
- Ensure your phoneâs time is set automatically and is accurate.
- Try a fresh code; TOTP codes expire every ~30 seconds.
- Re-scan the QR code and verify you entered the correct secret.
- I lost my phone/security key:
- Use a recovery code to sign in.
- Add a new authenticator or security key immediately.
- Remove the lost device from your 2FA methods.
- I didnât receive an SMS code:
- Check coverage and signal; ensure your number is correct.
- Wait a minute, then request a new code.
- Use your authenticator or a recovery code if available.
- Iâm locked out and have no recovery codes:
- Contact GA.NU Support via the Help Center for identity verification and account recovery.
FAQs
- Can I use a password manager for TOTP?
- Yes. Many password managers can generate TOTP codes. Protect your password manager with strong security.
- Do passkeys work?
- If supported by your browser/device, you can register a platform passkey as a security key method.
- Can organizations require 2FA?
- If you manage an organization, owners/admins may enforce 2FA for members. Check your organizationâs Security settings.
- Will enabling 2FA affect API or CLI access?
- If you use API tokens, they typically remain valid but may require re-authentication or application-specific passwords. See the API credentials section in Account > Security.
Keep your account secure
- Use a unique, strong password for GA.NU.
- Enable 2FA with an authenticator app or security key.
- Store recovery codes offline.
- Regularly review and update your security methods.
If you need help, visit the GA.NU Help Center and contact Support for assistance.