Two-factor authentication
Two-factor authentication (2FA) adds a second lock on your Bitsecrets account: even if someone learns your master password, they still can’t sign in without the second factor. For an account that guards every other account you own, we strongly recommend turning it on.
Two different things called “2FA”
- 2FA for your Bitsecrets account — protects signing in to your vault itself. This is what this guide covers.
- The built-in authenticator — generates one-time codes for your other accounts (email, banking, social), stored right next to their logins in your vault.
How it works
With 2FA enabled, signing in to your account on a new device asks for a one-time code from your authenticator app (or another second factor you’ve configured) in addition to your master password. Unlocking the app day-to-day with Face ID is unaffected — 2FA guards the sign-in, not every unlock.
Setting it up
- Open Settings → Security in Bitsecrets and find the 2-factor authentication section.
- Follow the steps to add your second factor, using the account settings for the server your vault lives on.
- Store your recovery code somewhere safe — it's the only way back in if you lose your second factor.
Good to know
- 2FA protects account sign-in; your vault's contents are protected by zero-knowledge encryption either way.
- Don't keep your account's own 2FA code inside the vault it protects — use a separate authenticator app for that one.
- Losing both your master password and your recovery code means losing access — that's the flip side of encryption no one can bypass.
Questions? Reach us at hello@bitsecrets.app — we’re happy to help you get protected.