Security
✅ Two-Factor Authentication (2FA)
Two-Factor Authentication (2FA) adds a second layer of security to your account by requiring not just your password, but also a time-sensitive code from a trusted device.
🔐 What is 2FA?
2FA combines something you know (your password) with something you have (like a smartphone or hardware token). This significantly reduces the risk of unauthorized access—even if someone has your password.
🛡️ Benefits:
- Enhances account protection against phishing and brute-force attacks
- Reduces the risk of unauthorized access from compromised credentials
- Helps meet compliance requirements for security-conscious organizations
- Only the account owner with access to the authenticator app can log in
📲 How to Enable:
- Go to Settings > Preferences > Security
- Click "Setup 2FA" button and scan the displayed QR code with an app like Google Authenticator, Authy, or Microsoft Authenticator.
- Save the recovery codes in a secure location (they allow access if you lose your phone)
- Enter the 6-digit verification code shown in your app to complete setup
🔁 The verification code refreshes every 30 seconds and is unique to your device.
🔐 If 2FA is enabled, you will be prompted for a verification code every time you log in.
📹 Watch the Setup Tutorial:
🛡️ Passkey Authentication
Passkeys offer passwordless, phishing-resistant, and device-bound sign-in using modern authentication standards.
🔐 What Are Passkeys?
Passkeys are cryptographic credentials tied to your device and identity, replacing traditional passwords. They’re based on FIDO2/WebAuthn standards and work using public-private key encryption, making them highly secure.
- Instead of typing passwords, you authenticate using biometrics (like Face ID or fingerprint) or a device PIN.
- A passkey is stored securely on your device and never shared—so even if attackers phish you, they can’t steal your login info.
💡 Key Features:
- Use fingerprint, Face ID, or device PIN
- Passwordless and secure authentication
- Resistant to phishing and credential stuffing
- Syncs across devices (when using platforms like iCloud Keychain or Google Password Manager)
- Fast, one-tap login experience
🛠 How to Register a Passkey:
- Go to Settings > Preferences > Security
- Click Register passkey
- Your device prompts biometric or PIN-based authentication
- On success, the passkey is saved and listed under Your Passkeys
📌 A passkey is unique to each device/browser combination. You can register multiple passkeys for different environments.
📹 Watch the Setup Tutorial:
🧾 Managing Your Passkeys
✏️ Rename:
Click the pencil icon to rename a passkey for easy identification.
🗑 Delete:
Click the trash icon to remove a passkey.
⚠️ This revokes access via that method and may require alternate login or re-registration.
🔐 Tip: Register multiple passkeys on different devices for redundancy and ease of access.
For more assistance with OpenSign™ features or APIs, contact our support team at support@opensignlabs.com.