Two-Factor Authentication
Set up 2FA on your account to add a second layer of protection beyond your password
Two-factor authentication adds a second verification step when you log in — a time-based code from an authenticator app. Even if your password is compromised, your account stays protected.
Setting up 2FA
- Go to Settings → Security → Two-factor authentication
- Click Enable 2FA
- Open an authenticator app on your phone (Google Authenticator, Authy, 1Password, or any TOTP-compatible app)
- Scan the QR code shown in MentorStack
- Enter the 6-digit code from your authenticator app to confirm setup
- Save your backup codes in a safe place — you'll need them if you lose access to your device
Once enabled, you'll be prompted for a code each time you log in.
Backup codes
During setup, MentorStack generates 8 one-time backup codes. Each code can only be used once. Store them somewhere secure (a password manager, printed sheet, or encrypted notes file).
If you lose your authenticator device and don't have backup codes, contact your admin or MentorStack support to verify your identity and reset 2FA.
Generating new backup codes
If you've used most of your backup codes or suspect they've been exposed:
- Go to Settings → Security → Two-factor authentication
- Click Regenerate backup codes
The old codes are immediately invalidated.
Disabling 2FA
- Go to Settings → Security → Two-factor authentication
- Click Disable 2FA
- Confirm with your current authenticator code
Note
If your organization has enforced 2FA for all members, you cannot disable it yourself. Contact your admin if you need an exception.
Organization-enforced 2FA (admins)
Admins can require 2FA for all members in their organization:
- Go to Settings → Security
- Toggle Require 2FA for all members
Members who haven't set up 2FA will be prompted to do so on their next login. They won't be able to access the platform until 2FA is configured.