Todos os artigos

Security · Updated 29 de mai. de 2026

Two-factor authentication (2FA)

Two-factor authentication adds a second step at sign-in, usually a code from an authenticator app, so a stolen password alone is not enough to access your account. If you manage social accounts, billing, API keys, or company membership in Styrar, enabling 2FA is one of the simplest ways to reduce account risk.

2FA is especially important for owners and admins because those roles can often change workspace settings, invite members, manage billing, or create credentials. It is also useful for anyone who publishes on behalf of a brand.

Turning on 2FA

Open Settings → Profile, start the 2FA setup flow, and scan the QR code with an authenticator app such as Google Authenticator, 1Password, Authy, or another app that supports time-based one-time passwords. Enter the confirmation code to finish enrollment.

Before you begin:

  • Make sure your phone or password manager is available.
  • Use an authenticator app you can recover if your device changes.
  • Complete setup in one sitting so the enrollment secret is not left half-configured.
  • Store any backup codes the product provides in a safe offline place.

After scanning the QR code, your authenticator app will show a six-digit code that refreshes every short interval. Enter the current code in Styrar to confirm that both sides are in sync. If the code fails, wait for the next code and try again. Also confirm your device time is set automatically because incorrect device time can break authenticator codes.

Signing in

After 2FA is enabled, log in with your email and password, then enter the current six-digit code from your app when prompted. The code changes frequently, so use the newest visible code. If a code is about to expire, wait for the next one before submitting.

If you use OAuth sign-in, such as Google or Microsoft, Styrar may still require the second factor depending on how your account is configured. Treat 2FA as protection for your Styrar account, not only for password login.

Do not share one-time codes with anyone. Styrar support will not ask you to send an active 2FA code in a ticket.

Recovery

If you lose access to your authenticator device, use your account recovery path, for example backup codes or support-assisted recovery if your organization provides it. Keep backup codes offline in a safe place if the product offers them. A password manager secure note, printed copy in a locked place, or company credential vault can all work if your team policy allows it.

If you are part of a company workspace, tell another owner or admin when you are locked out. They may not be able to bypass 2FA, but they can help confirm your role and keep workspace operations moving while recovery is handled.

If you replace your phone, move your authenticator accounts before wiping the old device. Many authenticator apps provide export or cloud recovery options, but each app handles this differently.

When to review 2FA

Review your 2FA setup when:

  • You get a new phone.
  • You change password managers.
  • You become a workspace owner or admin.
  • Your team starts using API keys or connected apps.
  • You suspect your email or password was exposed.
  • Your organization updates its security policy.

For teams, consider making 2FA part of onboarding for anyone with publishing, billing, or member-management permissions.

Troubleshooting

If codes are rejected repeatedly, check device time, confirm you are using the Styrar entry in your authenticator app, and try the next code. If you still cannot sign in, use the recovery option or open a support ticket from an account that can still access the workspace.

Need more help?

Open a ticket from Help → Tickets (sign in required).

Join the beta waitlist

By signing up you agree to receive marketing email. See our Privacy Policy.