
Two-Factor Authentication & Trusted Devices

Protect your GoValid account with two-factor authentication (2FA) and trusted device management.

Two-Factor Authentication (2FA)

2FA adds an extra layer of security by requiring a verification code in addition to your password.

Enabling 2FA

  1. Log in to my.govalid.org
  2. Go to Account → Security
  3. Click Enable Two-Factor Authentication
  4. Scan the QR code with your authenticator app:
    • Google Authenticator
    • Authy
    • Microsoft Authenticator
    • Any TOTP-compatible app
  5. Enter the 6-digit code from your app to verify
  6. Save your backup codes (store them securely)

Using 2FA

After enabling 2FA, you'll be prompted for a verification code when:

  • Logging in from a new device
  • Logging in from a new location
  • Performing sensitive actions (changing password, API key management)

Disabling 2FA

  1. Go to Account → Security
  2. Click Disable Two-Factor Authentication
  3. Enter your current 2FA code to confirm
  4. Enter your password to confirm

Backup Codes

When you enable 2FA, you receive backup codes:

  • Each code can be used once
  • Store them in a secure location
  • Use them if you lose access to your authenticator app
  • Generate new backup codes from the security settings

Trusted Devices

Trusted devices allow you to skip 2FA on devices you use regularly.

Trusting a Device

  1. Log in with your password and 2FA code
  2. Check the "Trust this device" option
  3. The device will be added to your trusted list

Managing Trusted Devices

  1. Go to Account → Security → Trusted Devices
  2. View all trusted devices with:
    • Device name and browser
    • Last used date
    • Location
  3. Revoke trust for any device

When Trust is Revoked

Trust is automatically revoked when:

  • You change your password
  • You disable and re-enable 2FA
  • You manually revoke the device
  • The device hasn't been used for 90 days
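
The four revocation rules above, modelled as an added Python example (not GoValid's code). The record fields, the sample devices and the inclusive 90-day boundary are assumptions, since this page documents no device export format; timestamps are treated as UTC.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

IDLE_LIMIT = timedelta(days=90)  # "hasn't been used for 90 days"

@dataclass
class Account:  # hypothetical record, not a GoValid schema
    password_changed_at: datetime
    twofa_enabled_at: datetime  # moves forward when 2FA is disabled and re-enabled

@dataclass
class Device:  # hypothetical record, not a GoValid schema
    name: str
    trusted_at: datetime
    last_used_at: datetime
    manually_revoked: bool = False

def revocation_reasons(dev: Device, acct: Account, now: datetime) -> List[str]:
    """Return every documented rule that ends trust for this device."""
    reasons = []
    if dev.trusted_at < acct.password_changed_at:
        reasons.append("password changed after trust was granted")
    if dev.trusted_at < acct.twofa_enabled_at:
        reasons.append("2FA re-enabled after trust was granted")
    if dev.manually_revoked:
        reasons.append("manually revoked")
    # Assumption: the limit is inclusive, so exactly 90 idle days ends trust.
    if now - dev.last_used_at >= IDLE_LIMIT:
        reasons.append("unused for 90 days")
    return reasons

def must_prompt_for_2fa(dev: Optional[Device], acct: Account, now: datetime) -> bool:
    """Unknown devices, and devices with any revocation reason, get the 2FA prompt."""
    return dev is None or bool(revocation_reasons(dev, acct, now))

# Constructed sample data for illustration.
NOW = datetime(2024, 6, 1)
ACCOUNT = Account(password_changed_at=datetime(2024, 3, 1),
                  twofa_enabled_at=datetime(2024, 1, 10))
DEVICES = [
    Device("Laptop / Firefox", datetime(2024, 3, 2), datetime(2024, 5, 30)),
    Device("Old phone / Chrome", datetime(2024, 2, 1), datetime(2024, 2, 20)),
    Device("Tablet / Safari", datetime(2024, 3, 2), datetime(2024, 3, 3)),
]

if __name__ == "__main__":
    for d in DEVICES:
        print(d.name, "->", revocation_reasons(d, ACCOUNT, NOW) or "still trusted")
```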

Developer option: API access

Enable 2FA via API

curl -X POST https://api.govalid.org/api/v1/auth/2fa/enable/ \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"totp_code": "123456"
}'

Verify 2FA Code

curl -X POST https://api.govalid.org/api/v1/auth/2fa/verify/ \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"totp_code": "123456"
}'

Disable 2FA via API

curl -X POST https://api.govalid.org/api/v1/auth/2fa/disable/ \
-H "Authorization: Bearer YOUR_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"totp_code": "123456"
}'

Troubleshooting

Lost Authenticator App

  1. Use a backup code to log in
  2. Go to Account → Security
  3. Disable and re-enable 2FA
  4. Set up your authenticator app again

Lost Backup Codes

  1. Log in with your authenticator app
  2. Go to Account → Security
  3. Generate new backup codes
  4. Old backup codes will be invalidated

Can't Access Account

  1. Try backup codes first
  2. Contact support with account verification
  3. Provide identity verification documents if required

Best Practices

  1. Always enable 2FA: Essential for account security
  2. Save backup codes: Store in a password manager or secure location
  3. Trust only personal devices: Don't trust shared or public devices
  4. Review trusted devices regularly: Remove devices you no longer use
  5. Use a reliable authenticator app: Google Authenticator, Authy, or similar