--- title: Security & 2FA description: >- Protect your Clear Ideas account with an authenticator app, backup codes, passkeys, and active session review. ogTitle: Security & Two-Factor Authentication Guide ogDescription: >- Protect your Clear Ideas account with TOTP, backup codes, passkeys, re-enrollment controls, and session review. ogImage: /assets/images/og/guide-security-and-two-factor-authentication.webp navigation: icon: fasl fa-shield-keyhole --- # Security & Two-Factor Authentication Use **Settings > Security** to strengthen account access with layered authentication and recovery controls. Clear Ideas currently supports: - an authenticator app for time-based one-time codes - backup codes for recovery - passkeys on supported browsers and devices - active-session review These controls help keep governed work inside the same controlled environment where your approved documents, audit trails, and AI activity already live. ## Set Up Two-Factor Authentication ### 1. Add an authenticator app Clear Ideas shows a QR code and manual secret. Use either method to add the account to your authenticator app. ### 2. Verify the six-digit code Enter the current code from the authenticator app to finish enrollment. ### 3. Save your backup codes After enrollment, Clear Ideas generates backup codes. Save them right away in a secure place such as a password manager or encrypted vault. ## Backup Codes Backup codes are single-use recovery codes for cases where your authenticator device is unavailable. The Security page shows backup-code status, including how many remain and when they were last generated. ### Regenerating backup codes When you regenerate backup codes: - the previous set stops working - you must save the new set immediately - passkey enrollment still depends on having usable backup codes available ## Passkeys Passkeys provide stronger, phishing-resistant sign-in on supported devices and browsers. If your account has backup codes available, you can add passkeys from **Settings > Security**. ### Add a passkey 1. Open **Settings > Security** 2. Click **Add Passkey** 3. Complete the browser or device prompt 4. Save the passkey to the platform account, device, or password manager you trust Clear Ideas keeps passkey entries with device labels and last-used information so you can review which credentials are active. ### Remove a passkey Remove a passkey when a device is retired, lost, or no longer trusted. ## Re-Enroll an Authenticator If you replace your authenticator device or need to restart TOTP enrollment, use the re-enrollment flow from **Settings > Security**. Re-enrollment creates a fresh setup and produces a new set of backup codes. Save the new codes before you leave the flow. ## Review Active Sessions Security settings work best when paired with session review. Use [Active Sessions](/security/active-sessions) to: - review currently signed-in devices - revoke sessions you no longer trust - clean up old access after a password, device, or passkey change ## Recommended Practices - Enable two-factor authentication for anyone working with sensitive Sites. - Keep backup codes somewhere secure but reachable in an emergency. - Add at least one passkey on a trusted device. - Remove passkeys from devices you no longer control. - Re-enroll immediately if your authenticator device is replaced or compromised. - Review active sessions after device changes, travel, or any suspected security event.