Two-Factor Authentication

Add an extra layer of security

Overview

Two-factor authentication (2FA) adds an extra layer of security to your Vault account. When enabled, you’ll need your master password AND a verification code from your phone to log in.

Why Enable 2FA

Even if someone discovers your master password, they can’t access your vault without also having your phone. This protects against:

  • Phishing attacks
  • Password theft
  • Compromised devices

Supported 2FA Methods

Vault supports these authentication methods:

Method                 Security Level   Recommended For
Authenticator app      High             Everyone
Email                  Medium           Basic protection
Hardware key (FIDO2)   Highest          High-security users

Setting Up Authenticator App

  1. Download an authenticator app:
    • Google Authenticator
    • Authy
    • Microsoft Authenticator
    • 1Password
  2. In Vault, go to Settings > Security > Two-step Login
  3. Click Manage next to Authenticator App
  4. Scan the QR code with your app
  5. Enter the 6-digit code to verify
  6. Save your recovery code - store it securely offline

Setting Up Hardware Key

  1. Go to Settings > Security > Two-step Login
  2. Click Manage next to FIDO2 WebAuthn
  3. Insert your hardware key (YubiKey, etc.)
  4. Follow the prompts to register the key
  5. Name your key for easy identification

Recovery Codes

When you enable 2FA, you receive a recovery code. This is essential:

  • Write it down on paper (not digitally)
  • Store it securely, for example in a safe or lockbox
  • It’s your only backup if you lose your phone

To view your recovery code:

  1. Go to Settings > Security > Two-step Login
  2. Click View Recovery Code
  3. Enter your master password

Logging In with 2FA

  1. Enter your email and master password
  2. When prompted, open your authenticator app
  3. Enter the current 6-digit code
  4. (Optional) Check “Remember this device” on trusted computers

Lost Your Phone?

If you lose access to your authenticator:

  1. Use your recovery code to log in
  2. Go to Settings > Security > Two-step Login
  3. Disable the old authenticator
  4. Set up 2FA again with your new device

No recovery code? Contact support@heimlane.com with account verification.

Tips

  • Set up 2FA on a new device BEFORE wiping your old phone
  • Use an authenticator app that supports cloud backup (like Authy)
  • Consider registering a backup hardware key
  • Never share your 2FA codes with anyone