Lettr supports two-factor authentication (2FA) to add an extra layer of security to your account. When enabled, you’ll need both your password and a time-based verification code from an authenticator app to sign in.
Setting Up Two-Factor Authentication
Go to Security Settings
Navigate to Settings → Two-Factor Authentication in the sidebar.
Enable 2FA
Click Enable Two-Factor Authentication. You’ll be prompted to confirm your password.
Scan the QR Code
Open your authenticator app (such as Google Authenticator, Authy, or 1Password) and scan the QR code displayed on screen.
Enter Verification Code
Enter the 6-digit code from your authenticator app to confirm the setup.
Save Recovery Codes
After enabling 2FA, you’ll receive a set of recovery codes. Store these in a safe place — they’re the only way to access your account if you lose your authenticator device.
Recovery codes are shown only once. Store them securely (e.g., in a password manager). If you lose both your authenticator device and your recovery codes, you will not be able to access your account.
Signing In with 2FA
After enabling two-factor authentication, the sign-in process adds one step:
- Enter your email and password as usual
- When prompted, enter the 6-digit code from your authenticator app
- Alternatively, use a recovery code if you don’t have access to your authenticator
Recovery Codes
Recovery codes are single-use backup codes that let you sign in when you don’t have access to your authenticator app. Each code can only be used once.
To regenerate recovery codes:
- Go to Settings → Two-Factor Authentication
- Click Regenerate Recovery Codes
- Store the new codes securely
Regenerating recovery codes invalidates all previous codes. Make sure to update your stored codes.
Disabling 2FA
To disable two-factor authentication:
- Go to Settings → Two-Factor Authentication
- Click Disable Two-Factor Authentication
- Confirm your password
Requiring 2FA for Your Team
Team owners can require all team members to enable two-factor authentication. When this is enabled, members without 2FA will be redirected to set it up before they can access any team resources.
To enable this requirement:
- Go to Settings → Team
- In the Security section, toggle on Require Two-Factor Authentication
Members who haven’t set up 2FA will see a setup prompt when they try to access the dashboard. They can still sign in, but they won’t be able to use any team features until 2FA is configured.
The team settings page shows which members have 2FA enabled (green shield icon) and which don’t (gray shield with alert). Review this before enabling the requirement to give your team advance notice.
Social Login (OAuth)
Lettr supports signing in with Google and GitHub. Social login provides a convenient alternative to email and password authentication.
When you sign in with a social provider for the first time, your social account is linked to your Lettr account automatically (matched by email address). If you don’t have a Lettr account yet, one is created for you with your email automatically verified.
Social login does not bypass two-factor authentication. If you have 2FA enabled, you’ll still need to complete the 2FA challenge after authenticating with your social provider.
For full details, see Social Login (OAuth).
Password Management
You can update your password from Settings → Password. Enter your current password and your new password to make the change.
