Security
Enabling two-factor authentication
TOTP setup, recovery codes, and what AAL2 step-up does.
Last updated: 2026-05-29
Go to Settings and find Two-factor authentication. Scan the QR code with any TOTP app (Google Authenticator, 1Password, Authy) and enter a 6-digit code to verify.
Save your recovery codes. Right after you enable 2FA, Draftiro shows ten one-time recovery codes — copy or download them and keep them offline. They're shown only once. You can regenerate a fresh set anytime from the same screen (which invalidates the old ones).
If you lose your authenticator, choose "Use a recovery code" on the verification screen. A code signs you in and disables 2FA, so re-enable it afterward. Once 2FA is on, sensitive surfaces (the app, Billing, Settings) require a fresh code per session (AAL2 step-up); public marketing pages do not.