Two-Factor Authentication (2FA): Extra security for your app

Keeping your app secure is a top priority—especially when it comes to sensitive content, internal communications, or user data. That’s why tchop offers the option to enable Two-Factor Authentication (2FA) for an additional layer of protection.

What is 2FA?

Two-Factor Authentication (2FA) is a security method that requires users to verify their identity using two different forms of authentication:

1. Something they know – typically their password

2. Something they have – like a code from an authenticator app

Even if someone’s password is compromised, 2FA ensures that access can’t be granted without the second verification step—making it significantly harder for unauthorized users to log in.

We highly recommend using 2FA to protect access to the editorial admin dashboard, which can only be access by users with certain permissions. But since you have most sensitive functions to edit content, define settings, see analytics or do stuff like sending push notifications, we believe it's good to add this security lawyers there.

How 2FA works in tchop

tchop supports 2FA via any trusted App like the Authy, Google or the Microsoft Authenticator Apps (see Links to Google's app for free on both iOS and Android.)

• Once activated, users will be prompted to enter a time-based code generated by the app after logging in with their credentials.

• The setup is fast and simple—users scan a QR code once and they’re good to go (no worrites, users get a simple "how-to" in the app)

For step-by-step setup instructions, see our 2FA FAQ guide.

Flexible security settings

You decide how strictly 2FA should be enforced across your app. Choose based on your organization’s internal policies:

✅ Only for Admins of the organization
✅ For Admins of the organization and specific channels
✅ For all Admins and Editors
✅ For all users, including readers
❌ Or choose to not enable 2FA at all

You can change this setting at any time, but we recommend keeping changes minimal to avoid confusion for your team and users. Its is to be noted that mostly 2FA for app-only users does not make too much sense, if the second factor is also used on the same smartphone.

Summary

• Adds strong protection for user accounts

• Helps prevent unauthorized access, even if passwords are compromised

• Essential for apps dealing with internal communications or confidential content

• Is especially recommended for administrators and editors

• Builds trust among users by showing you take security seriously

Need help enabling or configuring 2FA for your app?
Just contact us at support@tchop.io or talk to your contact person - we’re here to help!