Two-factor authentication

Written by Baltej Singh

What it does

Adds a second check to every sign-in. After you type your email and password, Nautis asks for a 6-digit code from an authenticator app on your phone — so even if someone steals your password, they still can't get in.

Who can use it

  • Any signed-in user can turn 2FA on or off for their own account.

  • You need a smartphone (or any device that runs an authenticator app such as Google Authenticator, Authy, Microsoft Authenticator, or 1Password).

How to get here

  1. Sign in to Nautis.

  2. Open your profile menu and choose Account Settings.

  3. Click the Security tab.

  4. Scroll to the Two-Factor Authentication card.

Step-by-step: turn on 2FA

  1. In the Two-Factor Authentication card, click Enable.

  2. A Scan QR Code dialog appears showing two things:

    • A QR code to point your authenticator app at.

    • A list of Backup Codes below it.

  3. Open your authenticator app and choose to add a new account by scanning. Point the camera at the QR code on screen.

  4. Save the backup codes somewhere safe — copy them into a password manager, print them, or write them down. Each one can be used once if you lose your phone.

  5. Click Continue.

  6. Your authenticator now shows a fresh 6-digit code for Nautis. Type it into the Verification Code field.

  7. Click Verify.

  8. You'll see "Two-factor authentication enabled successfully." From the next sign-in onwards, you'll be asked for a code.

Step-by-step: sign in with 2FA on

  1. Enter your email and password as normal and click Sign in.

  2. The page switches to Two-Factor Authentication.

  3. Open your authenticator app and find the 6-digit code for Nautis.

  4. Type it in and click Verify.

Step-by-step: turn 2FA off

  1. Go back to Account Settings → Security → Two-Factor Authentication.

  2. Click Disable.

  3. A confirmation dialog asks for your current 6-digit code from the authenticator app.

  4. Enter the Verification Code and click Disable.

  5. You'll see "Two-factor authentication disabled successfully." Future sign-ins will only require your password.

Tips & limits

  • We use app-based codes only (TOTP). SMS and email codes are not supported — pick an authenticator app you'll keep installed.

  • The 6-digit code refreshes every 30 seconds. There's a small grace window, so a code that is a few seconds old is usually still accepted. If it fails, type the current code and try again.

  • You get 10 backup codes when you turn 2FA on. Each one can be used once to sign in if you lose access to your phone.

  • We never show your QR code or backup codes again — if you lose them, you'll need to disable and re-enable 2FA.

  • Turning 2FA off requires a valid current code, so a stranger who gets into your session can't quietly disable it without your phone.

FAQ

Which authenticator app should I use?

Any TOTP-compatible app works — Google Authenticator, Authy, Microsoft Authenticator, 1Password, Bitwarden and Duo are all fine.

I lost my phone. How do I get back in?

Use one of the backup codes you saved when you first set up 2FA. Enter it where the 6-digit code would normally go.

I lost my phone and my backup codes. What now?

Contact your administrator or Nautis support — they can disable 2FA on your account so you can sign in and start over.

Does 2FA cover social sign-in too?

Social sign-in (Google, LinkedIn) goes through the provider's own protections. 2FA in Nautis is layered on top of the email/password sign-in.

I see "Invalid verification code" but my time looks right. Why?

Codes are based on the clock on both your phone and our server. If your phone's clock is set manually, switch it to automatic time so it matches.
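
The 30-second refresh, the grace window and the clock-drift failure described above can be reproduced with a short TOTP verifier. This is an added example, not Nautis code: it assumes the RFC 6238 defaults (HMAC-SHA1), a grace window of one step either side (the page does not state the size), and the published RFC 6238 test key; `verify` and `demo` are hypothetical names.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated on this page
DIGITS = 6   # code length, as stated on this page
WINDOW = 1   # assumption: grace window of one step before and after

# RFC 6238 test key ("12345678901234567890") in base32, the form a QR code carries.
SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: float) -> str:
    """RFC 6238 TOTP with HMAC-SHA1, truncated to DIGITS digits."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // STEP
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, server_time: float,
           window: int = WINDOW) -> bool:
    """Accept a code matching any step within +/- window of server time."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        # Constant-time compare, no early exit on a match.
        ok |= hmac.compare_digest(expected, code)
    return ok


def demo(server_time: float = 1_700_000_000) -> dict:
    """Server verdict for phones whose clocks are off by `skew` seconds."""
    return {
        skew: verify(SECRET_B32, totp(SECRET_B32, server_time + skew), server_time)
        for skew in (0, 25, -30, 120, -300)
    }


if __name__ == "__main__":
    for skew, accepted in demo().items():
        verdict = "accepted" if accepted else "Invalid verification code"
        print(f"phone clock {skew:+5d}s -> {verdict}")
```

A wider window tolerates more clock drift but also lengthens the time a captured code stays usable, which is why the fix for a drifting phone is automatic time rather than a larger window.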