Security v1.0

Two-factor authentication

Learn how to enable and use two-factor authentication (2FA) in Wasapia to add an extra layer of security to your account.

Two-factor authentication (2FA) adds a second verification step to your login. Even if someone obtains your password, they cannot access your account without the 6-digit code generated by your authenticator app.

Wasapia uses TOTP (Time-based One-Time Password, RFC 6238) — the same open standard used by Google Authenticator, Authy, Microsoft Authenticator, and 1Password.


Before you start

You need a TOTP-compatible authenticator app installed on your phone. Any of the following work:


Enabling 2FA

Step 1 — Open your security settings

  1. Log in to your Wasapia account.
  2. Click your avatar or name in the top-right corner and select Profile.
  3. Click the Security tab.
  4. Under the Two-factor authentication section, click Enable 2FA.

Step 2 — Scan the QR code

A QR code appears on screen. Open your authenticator app, add a new account, and scan the code.

Cannot scan the QR code? Click the copy icon next to the manual entry key shown below the QR code. In your authenticator app, choose "enter key manually" and paste the key.

Step 3 — Confirm with a code

Once you have added the account to your app, enter the current 6-digit code shown in the app and click Confirm and enable.

The code rotates every 30 seconds — use the most recent one. If verification fails, wait for the next code cycle and try again.

Step 4 — Done

A confirmation screen appears. Your account is now protected with 2FA.


Logging in with 2FA

Once 2FA is enabled, the login flow has two steps:

  1. Enter your email and password as usual and click Login.
  2. Open your authenticator app, find the Wasapia entry, and enter the current 6-digit code.
  3. Click Verify.

If the code is correct you are logged in immediately. If it is rejected, wait for the code to refresh (codes change every 30 seconds) and try again.

Tip: make sure the clock on your phone is set to sync automatically. TOTP codes are time-sensitive — a clock that is more than 30 seconds out of sync will produce invalid codes.
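
To see why clock sync matters, here is an added example (not Wasapia's code) of how an RFC 6238 code is derived from the shared key and the current time, and how a server-side check treats a phone clock that runs ahead. HMAC-SHA1 (the RFC default), the sample key, the timestamps and the one-step tolerance window are assumptions, not Wasapia's actual settings.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid, as stated on this page
DIGITS = 6   # code length, as stated on this page


def totp(secret_b32: str, unix_time: int) -> str:
    """RFC 6238 code for a given time. HMAC-SHA1 is the RFC default (assumed here)."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", unix_time // STEP)        # 8-byte big-endian time step
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, server_time: int, window: int = 1) -> bool:
    """Accept a code from `window` steps either side of server time (assumed policy)."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        # Constant-time comparison; no early exit so timing does not reveal a match.
        ok |= hmac.compare_digest(expected.encode(), code.encode())
    return ok


# Constructed sample: the RFC 6238 test key, base32-encoded like a manual entry key.
SECRET = base64.b32encode(b"12345678901234567890").decode()
SERVER_TIME = 1111111109   # constructed; second 29 of its 30-second step

if __name__ == "__main__":
    for skew in (0, 2, 20, 90):   # seconds the phone clock runs ahead
        code = totp(SECRET, SERVER_TIME + skew)
        print(f"phone +{skew:>2}s code={code} "
              f"strict={verify(SECRET, code, SERVER_TIME, window=0)} "
              f"tolerant={verify(SECRET, code, SERVER_TIME, window=1)}")
```

With these sample values, a phone only 2 seconds ahead has already crossed into the next 30-second step, so a check with no tolerance rejects its code while a one-step window accepts it; at 90 seconds ahead both reject.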


Disabling 2FA

If you want to remove 2FA from your account:

  1. Go to Profile → Security.
  2. Click Disable 2FA.
  3. Enter the current 6-digit code from your authenticator app to confirm.
  4. Click Disable 2FA.

2FA is immediately removed. You can re-enable it at any time.

Warning: disabling 2FA reduces the security of your account. We recommend keeping it enabled, especially if your account has access to production integrations or customer data.


Troubleshooting

"Invalid code" error at login

Possible cause                       Fix
Phone clock is not synced            Enable automatic time sync in your phone settings
Code expired before submission       Wait for the next code (every 30 seconds) and try again
Wrong account selected in the app    Make sure you are using the Wasapia entry

Lost access to your authenticator app

If you have lost your phone or deleted your authenticator app and can no longer generate codes, contact support@wasapia.com from the email address registered on your account. Our team will verify your identity and help you regain access.

QR code is not visible

Some browser extensions (ad blockers, privacy tools) may block the QR code image. Try disabling extensions temporarily or use a different browser.


Frequently asked questions

Can I use the same authenticator account on multiple devices?
Yes. Most authenticator apps (Authy, 1Password) support multi-device sync. If you use Google Authenticator, consider exporting your accounts before switching phones.

Does Wasapia support hardware security keys (FIDO2 / WebAuthn)?
Not yet. TOTP 2FA is the supported method. FIDO2 support is on the roadmap.

Is 2FA required for all accounts?
2FA is optional for all users and mandatory for accounts with the admin role. We strongly recommend enabling it on any account that manages integrations or customer data.

What happens to active sessions when I disable 2FA?
Existing authenticated sessions remain valid. Only new logins will no longer require the TOTP step.
