Two-Factor Authentication (2FA) Setup

Why 2FA Is Required

Your ILLIXIS account holds API keys, ad accounts, and content worth protecting. 2FA keeps it safe even if your password is compromised — no one can access your account without your phone.

2FA is mandatory for all ILLIXIS users. New accounts have a 3-day grace period to set it up. After that, you'll need to complete setup before you can access your dashboard and content.

Before You Start

You need:

1. Your smartphone or tablet
2. An authenticator app installed (see options below)

Recommended authenticator apps:

• Google Authenticator (iOS/Android)
• Authy (iOS/Android) - syncs across devices
• 1Password (iOS/Android/Desktop) - if you already use it

Don't have one? Download any of these free from the App Store or Google Play.

Why not SMS: We support TOTP (time-based codes) because it's more secure than SMS. SMS codes can be intercepted; authenticator apps cannot.

Setup Process

Setup takes about 60 seconds.

Step 1: Access Security Settings

1. Log in to ILLIXIS
2. Go to Account Settings (click your profile icon in the top-right corner)
3. Click the Security tab
4. Click Enable 2FA

Step 2: Scan the QR Code

1. Open your authenticator app on your phone
2. Tap "Add account" or the "+" icon
3. Choose "Scan QR code"
4. Point your camera at the QR code on screen

Can't scan? Click "Can't scan?" below the QR code to see the manual entry key. Type this into your authenticator app instead.

Step 3: Verify the Code

1. Your authenticator app will show a 6-digit code
2. Enter that code in the "Verification code" field
3. Click "Verify & Enable"

Code not working? Make sure your phone's clock is accurate. TOTP codes are time-based. If your phone's time is off by more than 30 seconds, codes won't work.

Step 4: Save Your Backup Codes

After verification, you'll see 10 backup codes. Save these immediately.

Why backup codes matter: If you lose your phone, these codes are the only way to access your account without contacting support. Each code works once.

How to save them:

• Click "Download Codes" to save as a text file
• Store them in your password manager
• Print them and keep in a secure location
• DO NOT screenshot them (screenshots sync to the cloud)

Signing In with 2FA

Once 2FA is enabled, your login flow changes:

1. Enter your email and password (as usual)
2. You'll see a new screen: "Enter verification code"
3. Open your authenticator app
4. Find the ILLIXIS entry
5. Enter the 6-digit code shown
6. Click "Verify"

The code refreshes every 30 seconds. If it expires while you're typing, use the new code.

Managing Your Backup Codes

Viewing Remaining Codes

1. Go to Account Settings > Security tab
2. Click Backup Codes
3. You'll see how many codes remain

IMPORTANT: For security, we don't display the codes themselves after initial generation. You must save them when first shown.

When to Generate New Codes

Generate new backup codes if:

• You've used more than 7 of your 10 codes
• You lost the codes you saved
• You want to revoke old codes for security reasons

Warning: Generating new codes invalidates ALL previous backup codes immediately.

How to Generate New Codes

1. Go to Account Settings > Security tab
2. Click Backup Codes
3. Click "Generate New Backup Codes"
4. Enter a verification code from your authenticator app
5. Save the 10 new codes shown

Using a Backup Code

When to use: You lost your phone, broke your phone, or uninstalled your authenticator app.

Steps:

1. On the verification screen, click "Use backup code instead"
2. Enter one of your saved backup codes
3. Click "Verify"
4. Once logged in, set up 2FA on a new device and generate new backup codes

Each backup code works once. After using a code, you'll have 9 remaining (or fewer if you'd already used some).

If You Lose Access

Scenario 1: Lost phone, but you have backup codes

1. Use a backup code to log in
2. Set up 2FA on a new device
3. Generate new backup codes

Scenario 2: Lost phone AND lost backup codes

1. Contact ILLIXIS support
2. Verify your identity (account details, billing information)
3. Support will reset your 2FA
4. You'll receive an email with instructions
5. Set up 2FA again immediately

Response time: Support 2FA resets typically take 24-48 hours for security verification.

Grace Period for New Accounts

When you first create your ILLIXIS account, you have 3 days to set up 2FA. During this time:

• You'll see a blue banner on your dashboard explaining 2FA and how to set it up
• You can use all ILLIXIS features normally
• The banner shows your deadline

After the grace period expires:

• You can still log in
• You'll be redirected to the 2FA setup page on every page
• You cannot access your dashboard or content until you complete setup

Troubleshooting

"Invalid verification code"

Possible causes:

1. Time sync issue - Your phone's clock is off. Go to Settings > Date & Time > Set automatically.
2. Expired code - TOTP codes change every 30 seconds. Use the current code.
3. Wrong account - Make sure you're viewing the ILLIXIS entry in your authenticator app, not another account.
4. Typo - Verification codes are 6 digits, all numbers. No letters.

"QR code won't scan"

Solutions:

1. Increase brightness - Turn up your phone's screen brightness.
2. Hold steady - Keep your phone 6-8 inches from the screen.
3. Manual entry - Click "Can't scan?" below the QR code and type the key instead.

"I set up 2FA but it's asking me again"

This happens if:

• You didn't complete the verification step (entering the 6-digit code)
• Your session expired during setup

Solution: Start the setup process again. It only takes 60 seconds.

"My authenticator app was deleted/reset"

If you have backup codes:

1. Log in using a backup code
2. Contact support to reset your 2FA
3. Set up 2FA again with your authenticator app

If you don't have backup codes: Contact support for a 2FA reset.

Best Practices

Do:

• Save backup codes in your password manager
• Enable 2FA on all critical accounts, not just ILLIXIS
• Keep your authenticator app on a device you always have with you
• Use Authy if you want cloud sync across devices

Don't:

• Screenshot your backup codes (screenshots sync to cloud storage)
• Email backup codes to yourself (email is not secure)
• Share verification codes with anyone (including ILLIXIS support — we'll never ask)

Security Note

ILLIXIS will NEVER:

• Ask for your verification codes
• Ask for your backup codes
• Email you requesting you disable 2FA

If you receive a message asking for these, it's a phishing attempt. Report it to security@illixis.io immediately.

Multiple Devices

Can I set up 2FA on multiple devices? Yes, during initial setup:

1. When the QR code appears, scan it with your first device
2. Keep the setup page open
3. Scan the same QR code with your second device
4. Both devices will now generate valid codes

Why two devices? Redundancy. If you lose one phone, you still have the other. But if you lose both, you'll need backup codes.

Related Guides

• Audit Logs - View when and where you've logged in
• Team Access Management - Control who can access your account
• Password Security - Best practices for strong passwords

Need Help?

Common questions:

• "Does 2FA slow down my login?" - Adds 5-10 seconds. Worth it for the security.
• "Does 2FA work on mobile?" - Yes, same process on phone/tablet browsers.

Still stuck? Contact support with:

• Your account email
• The step where you're stuck
• Any error messages you see

We'll respond within 24 hours.