Account Security

Lettr supports two-factor authentication (2FA) to add an extra layer of security to your account. When enabled, you’ll need both your password and a time-based verification code from an authenticator app to sign in.

​

Setting Up Two-Factor Authentication

​

Signing In with 2FA

After enabling two-factor authentication, the sign-in process adds one step:

1. Enter your email and password as usual
2. When prompted, enter the 6-digit code from your authenticator app
3. Alternatively, use a recovery code if you don’t have access to your authenticator

​

Recovery Codes

Recovery codes are single-use backup codes that let you sign in when you don’t have access to your authenticator app. Each code can only be used once. To regenerate recovery codes:

1. Go to Settings → Two-Factor Authentication
2. Click Regenerate Recovery Codes
3. Store the new codes securely

​

Disabling 2FA

To disable two-factor authentication:

1. Go to Settings → Two-Factor Authentication
2. Click Disable Two-Factor Authentication
3. Confirm your password

​

Requiring 2FA for Your Team

Team owners can require all team members to enable two-factor authentication. When this is enabled, members without 2FA will be redirected to set it up before they can access any team resources. To enable this requirement:

1. Go to Settings → Team
2. In the Security section, toggle on Require Two-Factor Authentication

Members who haven’t set up 2FA will see a setup prompt when they try to access the dashboard. They can still sign in, but they won’t be able to use any team features until 2FA is configured. For more about team security settings, see Teams.

​

Social Login (OAuth)

Lettr supports signing in with Google and GitHub. Social login provides a convenient alternative to email and password authentication. When you sign in with a social provider for the first time, your social account is linked to your Lettr account automatically (matched by email address). If you don’t have a Lettr account yet, one is created for you with your email automatically verified. Social login does not bypass two-factor authentication. If you have 2FA enabled, you’ll still need to complete the 2FA challenge after authenticating with your social provider. For full details, see Social Login (OAuth).

​

Password Management

You can update your password from Settings → Password. Enter your current password and your new password to make the change. After changing your password, consider signing out of any other active sessions manually from Settings → Browser Sessions if you suspect unauthorized access.

​

Email Address Changes

Changing your account email address requires your current password for verification. This protects against unauthorized email changes if someone gains temporary access to your session. To update your email:

1. Go to Settings → Profile
2. Enter your new email address
3. Confirm your current password
4. Click Save

​

Related Topics