Skip to content

Two-Factor Authentication (2FA)

Two-factor authentication adds a second verification step to your login. EU CAPTCHA supports TOTP (Time-based One-Time Password), compatible with standard authenticator apps.

Supported authenticator apps

  • Google Authenticator (iOS / Android)
  • Authy (iOS / Android / desktop)
  • Microsoft Authenticator (iOS / Android)
  • 1Password, Bitwarden, and other password managers with TOTP support
  • Any RFC 6238-compatible TOTP app

Enabling 2FA

Account profile page showing Two-Factor Authentication section

  1. Go to Account → Profile.
  2. In the Two-Factor Authentication section, click Set Up 2FA.
  3. On the setup page, click Generate QR Code.
  4. A QR code is displayed. Open your authenticator app and scan it.
  5. If you cannot scan, copy the secret key shown below the QR code and enter it manually into your app.
  6. Your authenticator app will begin generating a 6-digit code that refreshes every 30 seconds.
  7. Enter the current code in the Verification code field and click Verify & Enable.
  8. A confirmation message reads: "Two-factor authentication has been enabled successfully."

Save your TOTP secret key

If you lose access to your authenticator app, you will need the secret key to restore 2FA on a new device. Store it in a password manager or another secure backup — it is only shown once during setup.

Logging in with 2FA

After entering your email and password you are prompted to enter the current 6-digit code from your authenticator app. The code is valid for 30 seconds. If it expires before you submit, wait for the next code.

Disabling 2FA

  1. Go to Account → Profile.
  2. In the Two-Factor Authentication section, click Disable 2FA.
  3. A confirmation dialog appears. Enter your current 6-digit authenticator code and click Confirm Disable.

Disabling 2FA reduces your account security

Consider using a passkey as a phishing-resistant alternative before disabling 2FA.

Recovery

If you lose access to your authenticator app:

  1. Contact Myra Security support with proof of identity.
  2. Support will disable 2FA on your account so you can log in with your password.

Recommendation: Store the TOTP secret key (shown during setup) in a secure backup (e.g. a password manager). You can re-add it to a new authenticator app at any time without contacting support.

2FA and passkeys

2FA and passkeys can be active at the same time. When you log in with a passkey, 2FA is not required — passkey authentication is already strongly verified by your device. The 2FA prompt only appears on password-based logins.