Two-Factor Authentication
Two-factor authentication (2FA) adds a second layer of protection beyond your password. With it enabled, signing in requires both your password and a 6-digit code from an authenticator app on your phone — so a leaked or guessed password alone isn’t enough to get into your account.
Carolina Cloud uses TOTP (time-based one-time passwords), the standard supported by apps like Google Authenticator, Authy, 1Password, and Microsoft Authenticator.
Do you need to set it up?
It depends on how you sign in:
- Password sign-in — you can (and may be required to, see below) enroll in 2FA. This page is for you.
- Google or GitHub sign-in — your identity provider already handles your second factor, so there is nothing to set up here. Carolina Cloud never challenges OAuth accounts for a TOTP code, and the 2FA panel will tell you there’s nothing to do.
If your organization owner has turned on a mandatory-2FA policy, password members are required to enroll before they can use the platform. See Requiring 2FA for your organization.
Setting up 2FA
- Open My Organization in the dashboard and find the Security section.
- In the Two-factor authentication card, click Set up two-factor authentication.
- Scan the QR code with your authenticator app (or type in the secret manually).
- Enter the current 6-digit code from your app to confirm the pairing, and submit.
That’s it — your account is now protected. The Security card will flip to a green On badge.
Recovery codes
Right after you enroll, Carolina Cloud shows you a set of one-time recovery codes. These are your backup way in if you ever lose access to your authenticator app (new phone, lost device, app deleted).
- Save them somewhere safe — a password manager is ideal. Each code works exactly once.
- You can Download them as a file, or Generate new codes at any time (which invalidates the old set).
- From the recovery-codes page, click Continue to dashboard when you’re done.
If you lose your phone and your recovery codes, contact hello@carolinacloud.io to recover your account.
Signing in with 2FA
After enrolling, every sign-in has two steps:
- Enter your email and password as usual.
- You’ll be prompted for the current 6-digit code from your authenticator app.
Until you complete the code challenge, your session is only partially authenticated — the platform won’t let you reach your instances or the API.
If you don’t have your authenticator app handy, use one of your recovery codes in place of the 6-digit code.
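The second-factor check described above, as an added sketch that is not Carolina Cloud's own code: it derives the 6-digit code per RFC 6238 and accepts a recovery code exactly once. The HMAC-SHA1 algorithm, 30-second step, one-step drift window, class and function names, and the sample secret (the RFC 6238 test key) are assumptions.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per code: assumed, the usual authenticator-app default
DIGITS = 6   # the 6-digit code the page describes
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, constructed


def totp(secret_b32, at, step=STEP, digits=DIGITS):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    s = secret_b32.upper().replace(" ", "")
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SecondFactor:
    """Hypothetical per-user state: TOTP secret and unused recovery codes."""

    def __init__(self, secret_b32, recovery_codes):
        self.secret = secret_b32
        self.recovery = {self._digest(c) for c in recovery_codes}  # hashes only
        self.last_counter = -1  # highest time step already accepted

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.strip().lower().encode()).hexdigest()

    def verify(self, submitted, now=None):
        now = time.time() if now is None else now
        submitted = submitted.strip()
        for drift in (-1, 0, 1):  # tolerate one step of clock drift (assumed)
            counter = int(now) // STEP + drift
            if counter <= self.last_counter:
                continue  # replayed or older code: never accept twice
            expected = totp(self.secret, counter * STEP)
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_counter = counter
                return True
        digest = self._digest(submitted)
        if digest in self.recovery:
            self.recovery.remove(digest)  # each recovery code works once
            return True
        return False
```

Tracking the last accepted time step means a code that was observed during one sign-in cannot be reused within the same 30-second window.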
Managing or turning off 2FA
In the Security section of My Organization, the Two-factor authentication card shows your current status. When 2FA is on, click Manage two-factor authentication to:
- View or regenerate your recovery codes.
- Deactivate 2FA entirely.
Related
- Requiring 2FA for your organization — owner-only policy that mandates 2FA for all password members.
- Security — how Carolina Cloud protects your workloads and data.