Two-factor authentication (2FA) means anyone trying to log in to your account needs both your password and a 6-digit code that rotates every 30 seconds. If a phisher gets your password they still can't deploy under your name, billing changes still need physical access to your phone, and project deletes can't happen with leaked credentials alone.
Launchverse 2FA is available on every plan including Free. Some platforms gate 2FA behind paid tiers, which we think is misguided — the security of your account shouldn't depend on what you pay.
Before you start
You need an authenticator app installed on your phone (or a password manager that supports TOTP). Any of these work:
- 1Password (TOTP built into items)
- Bitwarden (TOTP on premium)
- Authy
- Google Authenticator
- Microsoft Authenticator
- Yubico Authenticator
If you don't already have one, install 1Password Free or Authy on your phone. They're both free for personal use.
1. Open Profile settings
In the dashboard, click your avatar (top right) → Profile. Scroll to Two-Factor Authentication.
2. Click Enroll
A QR code appears alongside a secret string. Open your authenticator app, tap the "+" button to add a new entry, and either:
- Point your phone camera at the QR code (faster), or
- Type the secret string manually (works if your camera is bad).
The app will name the entry "Launchverse" automatically and start showing a 6-digit code that rotates every 30 seconds.
3. Verify
In the dashboard, type the current 6-digit code from your authenticator into the verification field and click Verify. The code is checked server-side; if it matches, 2FA is enabled immediately.
You'll see a green "2FA is enabled" badge replace the amber warning.
4. Test it
Sign out and sign back in. After your password is accepted, the dashboard will prompt for a code from your authenticator. Type the current 6 digits — you're in.
What if I lose my phone?
Today, the recovery path is a manual support request from the email address on your account; we'll verify your identity and help you disable the lost factor. We're shipping recovery codes (printable backup codes) in a future release.
Disabling 2FA
You can turn 2FA off at any time from the same Profile page. We don't recommend it: the second factor is the difference between "annoying inconvenience for a phisher" and "phisher takes over your account."
Frequently asked
Does 2FA cost money? No. Free, Pro, and Enterprise all include it.
Does it work with hardware keys (YubiKey, etc.)? Today only TOTP-based authenticator apps. WebAuthn / passkey support is on the roadmap.
What about my team members? Each user enables 2FA on their own account. If you're a team owner managing a Pro / Enterprise team, we strongly recommend enforcing it across the team — Settings → Security on the team page lets you require 2FA for every member before they can deploy.