👮🏻‍♂️ Two-Factor-Authentication (2FA)

Two-Factor Authentication (2FA): Extra security for your app

Keeping your app secure is a top priority—especially when it comes to sensitive content, internal communications, or user data. That’s why tchop offers the option to enable Two-Factor Authentication (2FA) as an additional layer of protection for user accounts.

2FA significantly reduces the risk of unauthorized access and is strongly recommended for organizations that manage editorial content, internal communication, or confidential information.

What is Two-Factor Authentication (2FA)?

Two-Factor Authentication (2FA) is a security method that requires users to verify their identity using two different authentication factors when logging in.

These factors typically include:

Something you know
Your password or login credentials.

Something you have
A time-based verification code generated by an authenticator app on your smartphone.

Because access requires both factors, knowing a password alone is not enough to gain access. Even if a password becomes compromised, attackers cannot log in without the second verification step.

This additional layer of protection makes 2FA one of the most effective ways to secure accounts and protect sensitive data.

Why we recommend enabling 2FA

Two-Factor Authentication is particularly important for accounts that have access to administrative or editorial functions.

Within tchop, administrators and editors can:

• Manage and publish content

• Configure platform settings

• Access analytics and user data

• Send push notifications

• Manage community interactions

For this reason, we strongly recommend enabling 2FA at least for administrators and editors.

How 2FA works in tchop

tchop supports Time-based One-Time Passwords (TOTP) generated by common authenticator apps, including:

• Google Authenticator

• Microsoft Authenticator

• Authy

• Any other compatible authenticator app

After entering their username and password, users are prompted to enter a 6-digit code generated by the authenticator app on their smartphone.

These codes refresh every 30 seconds, providing a secure one-time verification step.

Security settings available for organizations

Each organization can decide how strictly 2FA should be enforced.

Available options include:

• Enable 2FA only for organisation administrators

• Enable 2FA for administrators and selected channel admins

• Enable 2FA for all administrators and editors

• Enable 2FA for all users including readers

• Keep 2FA disabled

⚠️ Note: For app-only reader users, 2FA may provide limited additional security if the authenticator app is installed on the same smartphone used to access the app.

How administrators enable 2FA for an organization

Only users with Organisation Admin permissions can configure security settings.

Step-by-step

1. Open the organisation dashboard.

2. Navigate to Settings.

3. Open the Security section.

4. In the security settings you can configure:

   Two-Factor Authentication (2FA)
   Enable 2FA and define which user roles must use it.

5. Save the changes.

These settings can be adjusted at any time according to your organization’s security policies.

How users set up 2FA

If your organization has enabled 2FA, users will be guided through the setup during their next login.

Step-by-step setup

1. Log in to the tchop platform using your normal credentials.

2. If 2FA is required, a setup screen will appear automatically.

3. Install an authenticator app on your smartphone if you do not already have one:

   • Google Authenticator

   • Microsoft Authenticator

   • Authy

4. Open the authenticator app and choose “Add account”.

5. Scan the QR code shown on the screen.

   If scanning is not possible, you can choose “Enter key manually” and type the provided secret key.

6. The authenticator app will now generate a 6-digit verification code.

7. Enter the code in the verification field and click Verify.

Once verified, 2FA is activated for your account.

From now on, each login requires:

1. Username and password

2. A 6-digit code from the authenticator app

Setting up 2FA on a new device

If you change your phone, you can reconnect your authenticator app.

Steps

1. Log in to the tchop platform.

2. Enter your existing 6-digit verification code from your current authenticator app.

3. Open your user profile and click on "…"

4. Select the option to reset 2fa.

5. Install the authenticator app on your new device.

6. Scan the newly generated QR code.

7. Enter the new 6-digit verification code to confirm the setup.

After verification, your new device will generate the login codes.

What to do if you lose your authenticator device

When 2FA is first activated, users receive backup codes via email.

These codes allow temporary access if the authenticator device is unavailable.

Steps to regain access

1. Attempt to log in normally.

2. Choose the option indicating that you do not have access to your authenticator device.

3. Enter one of the backup codes sent to your email.

4. After logging in, open your profile and click on "…".

5. Reset and reconnect your authenticator app on a new device.

Each backup code can only be used once.

After resetting 2FA, new backup codes will be generated and the old ones will become invalid.

Summary

Two-Factor Authentication provides an important additional security layer for your tchop app.

Benefits include:

• Strong protection for user accounts

• Prevents unauthorized access even if passwords are compromised

• Essential for apps handling internal communication or confidential content

• Highly recommended for administrators and editors

• Builds trust by demonstrating strong security practices

Need help?

If you need assistance enabling or configuring 2FA, please contact: support@tchop.io or reach out to your tchop contact person.