Two-factor authentication

Add a second layer of security to your account. Canary9 supports app-based two-factor authentication (2FA) using time-based one-time passwords (TOTP), the same standard used by Google Authenticator, 1Password, Authy, and others.

Enable two-factor authentication

Open Settings from the user menu in the sidebar and find the Two-factor authentication section. Select Enable to start enrollment. Canary9 shows a QR code and a secret key:

The Canary9 two-factor authentication enrollment screen showing a QR code and a field to enter a verification code.
Scan the QR code with your authenticator app, then enter the 6-digit code.
  1. Open your authenticator app and add a new account by scanning the QR code. If you can't scan, enter the secret key manually.
  2. Your app starts generating a 6-digit code that changes every 30 seconds.
  3. Enter the current code in Canary9 and select Confirm to turn on 2FA.

Save your backup codes

Once 2FA is enabled, Canary9 shows a set of one-time backup codes. Store these somewhere safe: a password manager is ideal. If you ever lose access to your authenticator app, a backup code lets you sign in. Each code works once.

Important: backup codes are shown only once, at enrollment. If you lose them and your authenticator device, you may be locked out of your account.

Signing in with 2FA

After 2FA is on, signing in asks for your password and then the current 6-digit code from your authenticator app (or a backup code). Nothing else about your workflow changes.

Disable two-factor authentication

In Settings → Two-factor authentication, select Disable and confirm with your account password. We recommend keeping 2FA on for every account, especially for admins who can manage your organization's endpoints and members.