Two-Factor Authentication

Two-Factor Authentication (2FA)

Two-factor authentication — commonly known as 2FA — is one of the most effective ways to protect your Opengates account from unauthorized access. Even if someone discovers your password, they won't be able to log into your account without the second verification factor.

This guide explains what 2FA is, why every freelancer on Opengates should enable it, how to set it up step by step, and what to do if something goes wrong.

What Is Two-Factor Authentication?

Two-factor authentication is a security method that requires you to provide two different types of verification when logging in:

1. Something you know: Your password.
2. Something you have: A temporary code generated by an authenticator app on your phone.

When 2FA is enabled, logging into your Opengates account requires both your password and a 6-digit time-based one-time password (TOTP) from your authenticator app. This code changes every 30 seconds, making it virtually impossible for an attacker to reuse it.

Why Is 2FA Important?

• Passwords can be stolen: Through phishing, data breaches, keyloggers, or social engineering, passwords are frequently compromised. 2FA ensures that a stolen password alone isn't enough to access your account.
• Protects your earnings: As a freelancer on Opengates, your account may hold funds, payment information, and client data. 2FA adds a critical barrier against financial theft.
• Industry standard: Major platforms like Google, GitHub, and banking services all recommend or require 2FA. Enabling it on Opengates brings your account security in line with best practices.
• Peace of mind: Knowing that your account has an extra layer of protection lets you focus on your work instead of worrying about security.

Supported Authenticator Apps

Opengates uses TOTP-based 2FA, which is compatible with any authenticator app that supports the TOTP standard. Here are some popular options:

Google Authenticator

• Platforms: iOS, Android
• Free: Yes
• Features: Simple, no account required, generates 6-digit TOTP codes
• Download: Google Play | App Store

Authy

• Platforms: iOS, Android, Windows, macOS, Linux
• Free: Yes
• Features: Cloud backup, multi-device sync, encrypted backups
• Download: authy.com

Microsoft Authenticator

• Platforms: iOS, Android
• Free: Yes
• Features: TOTP support, push notifications for Microsoft accounts, cloud backup
• Download: Google Play | App Store

Other Compatible Apps

Any app that supports TOTP will work with Opengates, including:

• 1Password
• Bitwarden
• LastPass Authenticator
• Duo Mobile

Setting Up Two-Factor Authentication

Follow these steps to enable 2FA on your Opengates account.

Prerequisites

Before you begin, make sure you have:

• Access to your Opengates account (you must be logged in)
• An authenticator app installed on your phone or computer
• Your phone nearby to scan the QR code

Step-by-Step Setup

1. Log in to your Opengates account.
2. Go to Settings → Security or Password & Security.
3. Find the Two-Factor Authentication section.
4. Click "Enable 2FA" or "Set Up Two-Factor Authentication".
5. You'll be asked to enter your current password to verify your identity.
6. A QR code will be displayed on your screen, along with a manual entry key (a text string you can type into your authenticator app if you can't scan the QR code).
7. Open your authenticator app on your phone.
8. In the app, tap the "+" button or "Add Account".
9. Choose "Scan QR Code" and point your phone's camera at the QR code on your screen. Alternatively, choose "Enter Key Manually" and type in the text key.
10. Your authenticator app will now show a 6-digit code that changes every 30 seconds.
11. Enter the current 6-digit code from your authenticator app into the verification field on Opengates.
12. Click "Verify" or "Confirm".
13. If the code is correct, 2FA will be enabled on your account.
14. You'll be shown a set of backup codes — save these immediately (see below).

What the QR Code Contains

The QR code encodes your account information and a secret key that the authenticator app uses to generate time-based codes. This key is unique to your Opengates account and should never be shared with anyone.

Backup Codes

When you enable 2FA, Opengates generates a set of backup codes (typically 8–10 codes). These are one-time-use codes that you can use to log in if you lose access to your authenticator app.

Why Backup Codes Are Critical

• If your phone is lost, stolen, or broken, you won't be able to generate TOTP codes.
• If you switch to a new phone and forget to transfer your authenticator app, you'll be locked out.
• Backup codes are your emergency access method — treat them like a spare key to your house.

How to Save Your Backup Codes

1. Write them down: Copy the codes onto a piece of paper and store it in a safe, secure location (like a locked drawer or safe).
2. Save to a password manager: Store the codes in your password manager (1Password, Bitwarden, etc.) for encrypted, accessible storage.
3. Save to an encrypted file: Create an encrypted document on your computer or a secure cloud storage service.

Do NOT:

• Store backup codes in plain text on your phone (the same device as your authenticator)
• Email the codes to yourself without encryption
• Share your backup codes with anyone
• Take a screenshot and leave it in your camera roll

Using a Backup Code

If you need to log in and don't have access to your authenticator:

1. On the 2FA verification screen, click "Use a backup code" or "Can't access your authenticator?".
2. Enter one of your unused backup codes.
3. Click "Verify".
4. You'll be logged in. The backup code you used is now invalidated and cannot be used again.

Regenerating Backup Codes

If you've used most of your backup codes or want to generate a new set:

1. Log in to your account.
2. Go to Settings → Security → Two-Factor Authentication.
3. Click "View Backup Codes" or "Regenerate Backup Codes".
4. You may need to enter your password or a current 2FA code.
5. A new set of codes will be generated. All previous codes will be invalidated.
6. Save the new codes securely.

Logging In with 2FA Enabled

Once 2FA is enabled, your login flow will include an extra step:

1. Enter your email and password as usual.
2. Click "Log In".
3. You'll be prompted to enter a 6-digit verification code.
4. Open your authenticator app and find the code for your Opengates account.
5. Enter the code (make sure it hasn't expired — a new code generates every 30 seconds).
6. Click "Verify".
7. You're now logged in.

If you're on a trusted personal device, you may see an option to "Remember this device for 30 days". Enabling this means you won't be asked for a 2FA code on that specific device for the next 30 days.

Disabling Two-Factor Authentication

If you need to disable 2FA (for example, if you're switching authenticator apps), you can do so from your settings.

How to Disable 2FA

1. Log in to your Opengates account.
2. Go to Settings → Security → Two-Factor Authentication.
3. Click "Disable 2FA" or "Turn Off Two-Factor Authentication".
4. Enter your current password for verification.
5. Enter a 6-digit code from your authenticator app to confirm.
6. Click "Disable".

Warning: Disabling 2FA removes the extra layer of protection from your account. We strongly recommend re-enabling it as soon as possible, especially if you're just switching apps. Consider setting up passkeys as an alternative security measure (see Passkeys).

What to Do If You Lose Your Authenticator

Losing access to your authenticator app is stressful, but there are several ways to recover your account.

Option 1: Use a Backup Code

If you saved your backup codes when you set up 2FA, use one to log in (see "Using a Backup Code" above). Once logged in, you can disable 2FA and set it up again with your new device.

Option 2: Use Authy's Multi-Device Feature

If you used Authy and enabled multi-device sync or cloud backup, you can install Authy on your new device and restore your accounts automatically.

Option 3: Contact Opengates Support

If you don't have backup codes and can't recover your authenticator:

1. Go to the Opengates login page.
2. Enter your email and password.
3. On the 2FA screen, click "Can't access your authenticator?" → "Contact Support".
4. Fill out the account recovery form with:
   • Your email address
   • Your display name
   • Any information that can help verify your identity
5. Our support team will review your request and may ask for additional verification (such as a government-issued ID or answers to security questions).
6. Account recovery typically takes 1–3 business days, depending on the verification required.

To avoid this situation in the future:

• Always save your backup codes when enabling 2FA.
• Use an authenticator app with cloud backup (like Authy).
• Consider setting up passkeys as an additional login method.

Frequently Asked Questions

Can I use SMS-based 2FA instead of an authenticator app?

Opengates currently uses TOTP-based 2FA via authenticator apps only. SMS-based 2FA is less secure because SMS messages can be intercepted through SIM-swapping attacks. Authenticator apps generate codes locally on your device, making them much more resistant to interception.

What happens if my authenticator app's time is out of sync?

TOTP codes are time-based, so your phone's clock needs to be accurate. If your codes aren't working, go to your phone's settings and enable automatic date and time. In Google Authenticator, you can also go to Settings → Time correction for codes → Sync now.

Can I use 2FA on multiple devices?

If you use Authy, you can sync your 2FA tokens across multiple devices. With Google Authenticator, the tokens are stored on a single device by default, but newer versions support account transfer between devices.

Does 2FA affect passkeys or other login methods?

No. 2FA and passkeys are independent security features. If you log in using a passkey (biometric authentication), you won't be asked for a 2FA code because passkeys already provide strong authentication. 2FA is only required when logging in with your email and password.

Still need help? Contact our support team and we'll be happy to assist you.