LoginSign Up

Security & Two‑Factor Authentication

Protect your account with two‑factor authentication (2FA) and backup codes. Two‑factor authentication adds an additional layer of security by requiring a verification code from your mobile device in addition to your email verification.

Enable Two‑Factor Authentication

From Settings > Security, start the Two‑Factor Setup process. The setup follows a three‑step guided flow:

Step 1: Configure Authenticator App

During setup, you'll see a QR code and have two options:

Scan QR Code:

  • Open your authenticator app on your mobile device
  • Scan the displayed QR code
  • Your account will be added to the app

Manual Entry:

  • If you can't scan the QR code, expand the "Can't scan? Enter manually" section
  • Copy the secret key provided
  • Enter it manually into your authenticator app
  • The account name and type (Time‑based TOTP) will be displayed for reference

Step 2: Verify Setup

Enter the 6‑digit code from your authenticator app to confirm the setup is working correctly. Once verified, backup codes will be automatically generated.

Step 3: Save Backup Codes

After verification, you'll receive 8 single‑use backup codes. These codes allow you to access your account if you lose your authenticator device.

Save your backup codes:

  • Download them as a text file for offline storage
  • Copy all codes to your password manager
  • Store them in a secure location separate from your primary device
  • Confirm that you've saved them before continuing

If you don't have an authenticator app, download one of these recommended options:

  • Google Authenticator — Available for iOS and Android
  • Microsoft Authenticator — Available for iOS and Android
  • Authy — Available for iOS, Android, and Desktop

All recommended apps support the Time‑based One‑Time Password (TOTP) standard used by Clear Ideas.

Backup Codes Management

View Backup Code Status

From Settings > Security, you can view your backup code status:

  • Total codes generated
  • Remaining unused codes
  • Last used date (if any codes have been used)
  • Generation date

The status indicator shows:

  • Success — You have sufficient backup codes remaining
  • Warning — You have 2 or fewer codes remaining, or codes are over 1 year old
  • Error — No backup codes remaining

Regenerate Backup Codes

You can regenerate backup codes at any time:

  1. Navigate to Settings > Security
  2. Click "Regenerate" in the Backup Codes section
  3. Confirm the regeneration (this action cannot be undone)
  4. Save the new backup codes immediately

Important: Regenerating backup codes invalidates all previous codes. Make sure you have access to your authenticator app before regenerating, as you'll need it to sign in after regeneration.

Re‑enroll Authenticator Device

If you need to set up a new device or switch to a different authenticator app:

  1. From Settings > Security, click "Re‑enroll Device"
  2. Confirm that you understand:
    • A new QR code and secret key will be generated
    • Your current authenticator setup will be replaced
    • New backup codes will be generated
    • Current backup codes will become invalid
  3. Follow the same three‑step setup process
  4. Scan the new QR code with your authenticator app
  5. Verify with a 6‑digit code
  6. Save the new backup codes

Note: Re‑enrollment cannot be undone. Ensure you have access to your new authenticator app before starting this process.

Best Practices

For All Users

  • Enable Two‑Factor Authentication on your account for enhanced security
  • Store backup codes in a password manager or secure offline location
  • Keep backup codes separate from your primary device
  • Regularly review Active Sessions and revoke unfamiliar devices
  • Regenerate backup codes if you've used several or if they're over a year old

For Administrators

  • Require Two‑Factor Authentication for all administrator accounts
  • Monitor backup code usage through the status indicator
  • Review active sessions regularly to detect unauthorized access
  • Regenerate backup codes immediately if you suspect they've been compromised

Security Recommendations

  • Use a dedicated authenticator app rather than SMS‑based verification
  • Never share your backup codes or authenticator app access
  • If you lose your authenticator device, use a backup code to sign in and immediately re‑enroll
  • Consider regenerating backup codes after any security incident