Two-Factor Authentication (2FA)
Last Updated: January 5, 2026
Two-Factor Authentication adds an extra layer of security to your VerifyHuman account by requiring a second form of verification beyond your password.
Table of Contents
- Overview
- 2FA Requirements
- Authentication Methods
- Setting Up 2FA
- Using 2FA
- Recovery Options
- Managing 2FA
- Troubleshooting
Overview
Two-Factor Authentication (2FA) protects your account by requiring:
- Something you know - Your password
- Something you have - A code from your authenticator app or email
Even if someone obtains your password, they cannot access your account without the second factor.
2FA Requirements
Mandatory for Paid Plans
Paid subscribers (Starter, Growth, Pro, Enterprise) are required to enable 2FA.
When you upgrade to a paid plan:
- You'll be prompted to set up 2FA
- You must complete setup to access your dashboard
- 2FA remains required while on a paid plan
Optional for Free Plans
Free plan users can optionally enable 2FA for enhanced security:
- Access via Dashboard > Security
- Enable at any time
- Disable if desired (not recommended)
Authentication Methods
VerifyHuman supports two 2FA methods:
Email OTP (Default)
- One-time codes sent to your registered email
- Code valid for 10 minutes
- New code sent with each login
- Best for users without authenticator apps
TOTP (Time-based One-Time Password)
- Use apps like Google Authenticator, Authy, or 1Password
- Codes regenerate every 30 seconds
- Works offline
- Best for frequent logins and enhanced security
Recommended: TOTP is more secure and convenient for regular users.
Setting Up 2FA
Enable Email OTP
- Go to Dashboard > Security
- Find the Two-Factor Authentication section
- Click "Enable 2FA"
- Select "Email OTP" as your method
- Click "Enable"
- A verification code will be sent to your email
- Enter the code to confirm setup
- 2FA is now active
Enable TOTP (Authenticator App)
- Go to Dashboard > Security
- Find the Two-Factor Authentication section
- Click "Enable 2FA"
- Select "Authenticator App (TOTP)"
- Scan the QR code with your authenticator app:
  - Google Authenticator
  - Authy
  - Microsoft Authenticator
  - 1Password
  - Any TOTP-compatible app
- Enter the 6-digit code from your app
- Save your recovery codes (important!)
- Click "Verify and Enable"
- 2FA is now active
Recovery Codes
When setting up TOTP, you'll receive recovery codes:
- 10 single-use codes
- Each code can only be used once
- Used if you lose access to your authenticator
- Store securely (password manager, safe, etc.)
Warning: If you lose both your authenticator and recovery codes, account recovery requires identity verification and may take several days.
Using 2FA
Login with Email OTP
- Enter your email and password
- Click "Send Code" to receive email
- Check your email for the 6-digit code
- Enter the code within 10 minutes
- Click "Verify" to complete login
Login with TOTP
- Enter your email and password
- Open your authenticator app
- Find the VerifyHuman entry
- Enter the current 6-digit code
- Click "Verify" to complete login
Tip: TOTP codes refresh every 30 seconds. If a code is about to expire, wait for the next one.
Recovery Options
Lost Authenticator Access (TOTP)
If you lose your phone or authenticator app:
- On the login page, click "Use Recovery Code"
- Enter one of your saved recovery codes
- Complete login
- Go to Security settings immediately
- Disable current 2FA and re-enable with new device
No Recovery Codes
If you've lost both your authenticator and recovery codes:
- Click "Can't access your authenticator?" on login
- Follow the account recovery process
- You'll need to verify your identity:
  - Answer security questions
  - Verify email ownership
  - May require ID verification
- Recovery may take 24-72 hours
Email OTP Not Received
If you're not receiving email codes:
- Check spam/junk folders
- Add noreply@verifyhuman.io to contacts
- Wait 2-3 minutes and request a new code
- Contact support if issue persists
Managing 2FA
Change 2FA Method
To switch between Email OTP and TOTP:
- Go to Dashboard > Security
- Disable current 2FA method
- Enable the new method
- Complete verification
Regenerate Recovery Codes
To get new recovery codes (invalidates old ones):
- Go to Dashboard > Security
- Click "Regenerate Recovery Codes"
- Verify with current 2FA code
- Save new recovery codes securely
Disable 2FA
Note: Paid plan users cannot disable 2FA.
For free plan users:
- Go to Dashboard > Security
- Click "Disable 2FA"
- Enter your current 2FA code
- Confirm disable
Troubleshooting
"Invalid code" Error
For Email OTP:
- Ensure you're using the most recent code
- Codes expire after 10 minutes
- Request a new code if expired
For TOTP:
- Check that your device's clock is accurate
- Ensure you're looking at the VerifyHuman entry
- Wait for the next code if current is expiring
"Code expired" Error
Request a new code and enter it promptly. Email codes expire after 10 minutes.
TOTP Codes Not Working
Common causes:
- Incorrect time on device - Enable automatic time sync
- Wrong account in app - Verify it says "VerifyHuman"
- App data corrupted - Remove and re-add the account
To fix:
- Disable and re-enable 2FA
- Scan the QR code again
- Verify codes match
Locked Out of Account
If completely locked out:
- Wait 15 minutes (rate limiting may apply)
- Try recovery code if available
- Click "Account Recovery" on login page
- Contact support: support@verifyhuman.io
Provide:
- Account email
- Approximate account creation date
- Recent verification activities
- Billing information (if paid plan)
Security Best Practices
Do:
- Enable TOTP over Email OTP when possible
- Store recovery codes in a password manager
- Keep authenticator app backup (cloud sync)
- Use unique, strong password for VerifyHuman
Don't:
- Share recovery codes
- Screenshot QR codes and store insecurely
- Use same authenticator for personal and work
- Disable 2FA on production accounts
See Also
- Authentication Guide - API key security
- Dashboard Guide - Security settings location
- Team Management - Team security policies