Two-Factor Authentication (2FA)
Enable TOTP-based two-factor authentication for your Watchflare account. Covers setup, login flow, backup codes, and disabling 2FA.
Watchflare supports TOTP-based two-factor authentication (Time-based One-Time Password, RFC 6238). When enabled, logging in requires both your password and a 6-digit code from an authenticator app.
Supported apps
Any TOTP-compatible app works:
- Proton Authenticator & Proton Pass
- 2FAS
- Bitwarden Authenticator
- 1Password
- Authy
- Google Authenticator
- and many more!
Enable 2FA
- Go to your username → Account.
- Under Two-Factor Authentication, click Set up 2FA.
- Scan the QR code with your authenticator app, or copy the secret key and enter it manually.
- Enter the 6-digit code your app displays to confirm setup.
- Save your backup codes. Watchflare generates 8 one-time backup codes — store them somewhere safe. You can use them to sign in if you lose access to your authenticator.
Warning
Backup codes are shown only once. If you lose both your authenticator and your backup codes, you cannot recover access to your account.
Login flow
When 2FA is enabled, the login sequence is:
- Enter your email and password on the login page.
- A 2FA challenge screen appears — enter the 6-digit code from your authenticator app.
- Alternatively, click Use a backup code and enter one of your saved codes.
The 2FA challenge expires after 5 minutes. If it times out, start the login again.
Backup codes
Backup codes are 10-character uppercase hex codes (e.g. A3F7C2E1B0). Each code can only be used once — it is consumed on use.
You have 8 backup codes after setup. To replace them all with a fresh set:
- Go to your username → Account.
- Under Two-Factor Authentication, click Regenerate backup codes.
- Enter a valid 6-digit TOTP code to confirm.
- The new codes are shown once — save them immediately.
Warning
Regenerating backup codes invalidates all previous ones.
Disable 2FA
- Go to your username → Account.
- Under Two-Factor Authentication, click Disable 2FA.
- Enter a valid 6-digit TOTP code or a backup code to confirm.
After disabling, all backup codes and the stored TOTP secret are permanently deleted.