security

2FA (TOTP)

The standard second factor, in every account.

Enroll in seconds with any authenticator app (Google Authenticator, Authy, 1Password). Scan the otpauth URL, verify a 6-digit code, done. Login prompts for the code when 2FA is enabled.

pyotp library — industry-standard HOTP/TOTP
±30 s clock drift tolerance
Disable requires a valid code — prevents session-hijack bypass
Password reset auto-invalidates sessions (forces re-login)

How it works

/api/auth/2fa/setup generates the secret + otpauth URL. /api/auth/2fa/verify enables on first valid code. /api/auth/login returns 401 totp_required when 2FA is on.

Enable at /dashboard/settings/2fa.

Start free Sign in

More security features

Multi-tenant isolation
One codebase, many companies, zero crosstalk.
OIDC / SAML single sign-on
Corporate accounts signing in via your IdP.
Audit log
Every change, with who + when + what.
Soft-delete + super-admin restore
Mistakes happen. Data does not disappear.