Two-Factor Auth
How to set up 2FA, manage challenges, and recover if you lose access.
Two-factor authentication (2FA) adds a second layer of security to your account. When enabled, sensitive actions require both your password and a code from your authenticator app.
Setting up 2FA
- Go to Account → Security → Two-Factor Auth.
- Choose your method. We support authenticator apps (Google Authenticator, Authy, 1Password, etc.) that generate TOTP codes.
- Scan the QR code. Open your authenticator app and scan the displayed QR code. It will add a HeartBadge entry.
- Enter the code. Type the 6-digit code from your authenticator to confirm setup.
- Save your recovery codes. You'll receive one-time recovery codes. Store these somewhere safe — they're your backup if you lose your authenticator device.
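What the QR code and the 6-digit code in these steps amount to, as an added example (not HeartBadge's own code): the QR carries an otpauth:// URI holding a shared secret, and the authenticator derives each code from that secret and the current time per RFC 6238. The account name, the SHA-1 and 30-second parameters, and the one-step drift tolerance are assumptions; the secret is the public RFC 6238 test key.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, quote, urlparse

# Constructed sample: the public RFC 6238 test key, base32-encoded. Never use it for a real account.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def provisioning_uri(secret_b32, account, issuer="HeartBadge"):
    """Build the otpauth:// URI a setup QR code encodes (account name is hypothetical)."""
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={secret_b32}"
            f"&issuer={quote(issuer)}&digits=6&period=30")

def secret_from_uri(uri):
    """What the authenticator app keeps after scanning: the shared secret."""
    return parse_qs(urlparse(uri).query)["secret"][0]

def totp(secret_b32, at, digits=6, period=30):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1 and 30 s steps are assumed)."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = struct.pack(">Q", int(at) // period)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, at, window=1, period=30):
    """Server-side check: accept the current step +/- `window` steps of clock drift."""
    ok = False
    for step in range(-window, window + 1):
        t = at + step * period
        if t < 0:
            continue
        # Constant-time comparison; no early exit on a match.
        ok |= hmac.compare_digest(totp(secret_b32, t, period=period).encode(), code.encode())
    return ok

if __name__ == "__main__":
    uri = provisioning_uri(SAMPLE_SECRET, "alice@example.com")
    secret = secret_from_uri(uri)
    print(uri)
    print(totp(secret, 59))               # 287082 (RFC 6238 vector, last 6 digits)
    print(verify(secret, "287082", 89))   # True: one step late is tolerated
    print(verify(secret, "287082", 149))  # False: three steps late
```

Anyone who obtains the secret in that URI can generate valid codes, so a screenshot of the setup QR code deserves the same care as the recovery codes.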
When 2FA is required
With 2FA enabled, you'll be prompted for a code when:
- Signing in from a new device
- Sending rewards above your configured threshold
- Changing security settings
- Exporting your private key
Configuring the send threshold
By default, sends above 100 MNEE require 2FA. You can adjust this in Account → Security → 2FA Threshold:
- Lower threshold → more prompts, more security
- Higher threshold → fewer prompts, faster small sends
If you lose your authenticator
If you lose access to your authenticator device:
- Use a recovery code. When prompted for 2FA, click "Use recovery code" and enter one of your saved codes. Each code works once.
- Disable 2FA. After signing in with a recovery code, go to Account → Security and disable 2FA.
- Set up again. Re-enable 2FA with your new device.
If you've lost both your authenticator and recovery codes, contact support@heartbadge.com. Recovery requires identity verification and may take several days.
Disabling 2FA
To disable 2FA, go to Account → Security → Two-Factor Auth and click "Disable." You'll need to enter a 2FA code to confirm. We recommend keeping 2FA enabled for all accounts with any balance.