Skip to main content

Security

✅ Two-Factor Authentication (2FA)

Two-Factor Authentication (2FA) adds a second layer of security to your account by requiring not just your password, but also a time-sensitive code from a trusted device.

🔐 What is 2FA?

2FA combines something you know (your password) with something you have (like a smartphone or hardware token). This significantly reduces the risk of unauthorized access—even if someone has your password.

🛡️ Benefits:

  • Enhances account protection against phishing and brute-force attacks
  • Reduces the risk of unauthorized access from compromised credentials
  • Helps meet compliance requirements for security-conscious organizations
  • Only the account owner with access to the authenticator app can log in

📲 How to Enable:

  1. Go to Settings > Preferences > Security
  2. Click "Setup 2FA" button and scan the displayed QR code with an app like Google Authenticator, Authy, or Microsoft Authenticator.
  3. Save the recovery codes in a secure location (they allow access if you lose your phone)
  4. Enter the 6-digit verification code shown in your app to complete setup

🔁 The verification code refreshes every 30 seconds and is unique to your device.
🔐 If 2FA is enabled, you will be prompted for a verification code every time you log in.

📹 Watch the Setup Tutorial:

🛡️ Passkey Authentication

Passkeys offer passwordless, phishing-resistant, and device-bound sign-in using modern authentication standards.

🔐 What Are Passkeys?

Passkeys are cryptographic credentials tied to your device and identity, replacing traditional passwords. They’re based on FIDO2/WebAuthn standards and work using public-private key encryption, making them highly secure.

  • Instead of typing passwords, you authenticate using biometrics (like Face ID or fingerprint) or a device PIN.
  • A passkey is stored securely on your device and never shared—so even if attackers phish you, they can’t steal your login info.

💡 Key Features:

  • Use fingerprint, Face ID, or device PIN
  • Passwordless and secure authentication
  • Resistant to phishing and credential stuffing
  • Syncs across devices (when using platforms like iCloud Keychain or Google Password Manager)
  • Fast, one-tap login experience

🛠 How to Register a Passkey:

  1. Go to Settings > Preferences > Security
  2. Click Register passkey
  3. Your device prompts biometric or PIN-based authentication
  4. On success, the passkey is saved and listed under Your Passkeys

📌 A passkey is unique to each device/browser combination. You can register multiple passkeys for different environments.

📹 Watch the Setup Tutorial:

🧾 Managing Your Passkeys

✏️ Rename:

Click the pencil icon to rename a passkey for easy identification.

🗑 Delete:

Click the trash icon to remove a passkey.
⚠️ This revokes access via that method and may require alternate login or re-registration.

🔐 Tip: Register multiple passkeys on different devices for redundancy and ease of access.

For more assistance with OpenSign™ features or APIs, contact our support team at support@opensignlabs.com.