Two-Factor Authentication

Add an extra layer of security

Overview

Two-factor authentication (2FA) adds a second step when you log in. Even if someone has your master password, they can’t get into your vault without your second factor.

Methods

Heimlane Vault offers two second factors:

  • Authenticator app - a 6-digit code from an app like Google Authenticator or Aegis.
  • Security keys (BETA) - a hardware security key, or your device, using FIDO2 / WebAuthn.

There is no email-based 2FA.

Setting up an authenticator app

  1. In your web vault, go to Settings > Two-Factor Authentication (2FA).
  2. Next to Authenticator App, click Set up.
  3. Enter your master password.
  4. Scan the QR code with an app like Google Authenticator, Aegis, or 1Password (or enter the key manually).
  5. Enter the 6-digit code to verify, then enable.
  6. Save your recovery codes (see below).

Setting up security keys (BETA)

  1. In Settings > Two-Factor Authentication (2FA), find Security keys.
  2. Click Manage security keys and enter your master password.
  3. Add a key - a hardware key, or your device via FIDO2 / WebAuthn - and give it a name.

Security keys are a BETA feature. Set up an authenticator app first, so you can still sign in if something doesn’t work as expected.

Recovery codes

When you turn on 2FA, you’re shown a set of recovery codes once. Each code works a single time to sign in if you lose your second factor. Save them somewhere safe and offline - you won’t be able to see them again.

Logging in with 2FA

  1. Enter your email and master password.
  2. Enter the current 6-digit code from your authenticator app (or use a security key, or a recovery code).

Lost your second factor?

Use a recovery code to sign in, then go to Settings > Two-Factor Authentication (2FA) and set up your second factor again.

Tips

  • Set up a new device before wiping your old phone.
  • Keep your recovery codes somewhere safe, separate from your devices.
  • Never share your codes with anyone.