Overview
Two-factor authentication (2FA) adds a second step when you log in. Even if someone has your master password, they can’t get into your vault without your second factor.
Methods
Heimlane Vault offers two second factors:
- Authenticator app - a 6-digit code from an app like Google Authenticator or Aegis.
- Security keys (BETA) - a hardware security key, or your device, using FIDO2 / WebAuthn.
There is no email-based 2FA.
Setting up an authenticator app
- In your web vault, go to Settings > Two-Factor Authentication (2FA).
- Next to Authenticator App, click Set up.
- Enter your master password.
- Scan the QR code with an app like Google Authenticator, Aegis, or 1Password (or enter the key manually).
- Enter the 6-digit code to verify, then enable.
- Save your recovery codes (see below).
Setting up security keys (BETA)
- In Settings > Two-Factor Authentication (2FA), find Security keys.
- Click Manage security keys and enter your master password.
- Add a key - a hardware key, or your device via FIDO2 / WebAuthn - and give it a name.
Security keys are a BETA feature. Set up an authenticator app first, so you can still sign in if something doesn’t work as expected.
Recovery codes
When you turn on 2FA, you’re shown a set of recovery codes once. Each code works a single time to sign in if you lose your second factor. Save them somewhere safe and offline - you won’t be able to see them again.
Logging in with 2FA
- Enter your email and master password.
- Enter the current 6-digit code from your authenticator app (or use a security key, or a recovery code).
Lost your second factor?
Use a recovery code to sign in, then go to Settings > Two-Factor Authentication (2FA) and set up your second factor again.
Tips
- Set up a new device before wiping your old phone.
- Keep your recovery codes somewhere safe, separate from your devices.
- Never share your codes with anyone.
