Documentation

Security & Two-Factor Authentication

View as Markdown

Use Settings > Security to strengthen account access with layered authentication and recovery controls.

Clear Ideas currently supports:

  • an authenticator app for time-based one-time codes
  • backup codes for recovery
  • passkeys on supported browsers and devices
  • active-session review

These controls help keep governed work inside the same controlled environment where your approved documents, audit trails, and AI activity already live.

Set Up Two-Factor Authentication

1. Add an authenticator app

Clear Ideas shows a QR code and manual secret. Use either method to add the account to your authenticator app.

2. Verify the six-digit code

Enter the current code from the authenticator app to finish enrollment.

3. Save your backup codes

After enrollment, Clear Ideas generates backup codes. Save them right away in a secure place such as a password manager or encrypted vault.

Backup Codes

Backup codes are single-use recovery codes for cases where your authenticator device is unavailable.

The Security page shows backup-code status, including how many remain and when they were last generated.

Regenerating backup codes

When you regenerate backup codes:

  • the previous set stops working
  • you must save the new set immediately
  • passkey enrollment still depends on having usable backup codes available

Passkeys

Passkeys provide stronger, phishing-resistant sign-in on supported devices and browsers.

If your account has backup codes available, you can add passkeys from Settings > Security.

Add a passkey

  1. Open Settings > Security
  2. Click Add Passkey
  3. Complete the browser or device prompt
  4. Save the passkey to the platform account, device, or password manager you trust

Clear Ideas keeps passkey entries with device labels and last-used information so you can review which credentials are active.

Remove a passkey

Remove a passkey when a device is retired, lost, or no longer trusted.

Re-Enroll an Authenticator

If you replace your authenticator device or need to restart TOTP enrollment, use the re-enrollment flow from Settings > Security.

Re-enrollment creates a fresh setup and produces a new set of backup codes. Save the new codes before you leave the flow.

Review Active Sessions

Security settings work best when paired with session review.

Use Active Sessions to:

  • review currently signed-in devices
  • revoke sessions you no longer trust
  • clean up old access after a password, device, or passkey change
  • Enable two-factor authentication for anyone working with sensitive Sites.
  • Keep backup codes somewhere secure but reachable in an emergency.
  • Add at least one passkey on a trusted device.
  • Remove passkeys from devices you no longer control.
  • Re-enroll immediately if your authenticator device is replaced or compromised.
  • Review active sessions after device changes, travel, or any suspected security event.