Two-Factor Authentication
Secure admin access with TOTP-based 2FA
ATStatus supports Time-based One-Time Password (TOTP) two-factor authentication for admin accounts. When enabled, users must provide both their password and a code from their authenticator app to log in.
How It Works
- Enable 2FA - Admin navigates to their profile settings and initiates 2FA setup
- Scan QR Code - Scan the QR code with an authenticator app (Google Authenticator, Authy, etc.)
- Verify Code - Enter the 6-digit code from your app to confirm setup
- Save Recovery Codes - Store your backup recovery codes in a secure location
Compatible Authenticator Apps
- Google Authenticator - iOS & Android
- Authy - iOS, Android, Desktop
- Microsoft Authenticator - iOS & Android
- 1Password - All platforms
Any TOTP-compatible authenticator app will work with ATStatus.
Enabling 2FA
Two-factor authentication must be enabled at the system level before users can set it up.
Environment Variable
Status Page Setting
Important
Once 2FA is enabled for a user, they cannot disable it without admin intervention. Make sure users save their recovery codes before enabling 2FA.
Account Recovery
If a user loses access to their authenticator app:
- Recovery Codes - Use one of the backup codes provided during setup
- Admin Reset - An admin with OWNER or ADMIN role can reset 2FA for the user
- Database Reset - In emergencies, 2FA can be disabled directly in the database
Technical Implementation
- Algorithm - TOTP (RFC 6238) with SHA-1 hash, 6-digit codes, 30-second window
- Secret Storage - Encrypted at rest using application-level encryption
- Recovery Codes - 10 single-use codes generated at setup, hashed in database
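The parameters listed above (RFC 6238, SHA-1, 6 digits, 30-second step, 10 single-use hashed recovery codes), carried through as an added example; this is not ATStatus code. The one-step drift tolerance, the replay guard, the recovery-code format and the choice of SHA-256 for hashing them are assumptions of the example, as are all function names.

```python
import base64, hashlib, hmac, secrets, struct

STEP, DIGITS = 30, 6  # values stated on this page

def totp(secret_b32, unix_time, step=STEP, digits=DIGITS):
    """RFC 6238 code: HOTP (RFC 4226) over the time-step counter, HMAC-SHA-1."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    mac = hmac.new(key, struct.pack(">Q", int(unix_time) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret_b32, submitted, unix_time, last_counter=-1, drift=1):
    """Return the matched time-step counter, or None.

    The caller persists the returned counter per user and passes it back as
    last_counter, so a code that was already accepted cannot be replayed.
    (Assumption: drift of one step either side; not documented by ATStatus.)
    """
    now = int(unix_time) // STEP
    for counter in range(now - drift, now + drift + 1):
        if counter <= last_counter:
            continue  # already used, or before the epoch
        expected = totp(secret_b32, counter * STEP)
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None

def new_recovery_codes(n=10):
    """Return (plaintext codes to show once, set of hashes to store)."""
    # Assumption: 64-bit random codes, so an unsalted fast hash is tolerable;
    # short or human-chosen codes would need a slow, salted hash instead.
    codes = [secrets.token_hex(8) for _ in range(n)]
    return codes, {hashlib.sha256(c.encode()).hexdigest() for c in codes}

def redeem_recovery_code(stored_hashes, submitted):
    """Single use: the matching hash is deleted when the code is accepted."""
    digest = hashlib.sha256(submitted.strip().lower().encode()).hexdigest()
    for stored in stored_hashes:
        if hmac.compare_digest(stored, digest):
            stored_hashes.remove(stored)
            return True
    return False

# Constructed sample secret: the RFC 6238 Appendix B SHA-1 test key, base32-encoded.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()
```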
