Skip to main content

Multi-factor authentication (MFA)

Add a second sign-in factor to your Boardssey account, save recovery codes, and turn MFA off if you ever need to.

Multi-factor authentication (MFA) adds a second step to your Boardssey sign-in. Even if someone gets your password, they can't sign in without the second factor, usually a 6-digit code from an authenticator app on your phone.

This page walks through turning it on, saving your recovery codes, and (if you ever need to) turning it off again.

What this page helps you do

  • Turn on MFA with an authenticator app.

  • Save the recovery codes you'll need if you lose your phone.

  • Turn MFA off cleanly.

  • Recover if you're locked out (cross-link to the recovery article).

Before you start

  • Have an authenticator app installed on your phone, 1Password, Authy, Google Authenticator, Microsoft Authenticator, or any TOTP-compatible app works.

  • Plan a place to save your recovery codes before you start. A password manager is best; printed and stored somewhere safe is a fine fallback.

  • MFA is a personal-account setting, it protects your sign-in regardless of which team workspace you're working in.

1. Open your personal settings

In the sidebar, click your name (bottom-left), then Settings. Make sure the User tab is selected (the URL ends in /home/settings#user).

Find the Multi-factor authentication section.

2. Start the setup

Click Enable MFA. A panel opens with two things:

  • A QR code, scan this with your authenticator app. The app will add Boardssey as a new entry and start showing 6-digit codes that change every 30 seconds.

  • A secret key, if you can't scan the QR code (working on the same device, for example), tap or copy the key and paste it into your authenticator app manually.

In your authenticator app, the new Boardssey entry shows a 6-digit code.

3. Confirm with a code

Back in Boardssey, type the current 6-digit code from your authenticator app into the verification field. Click Verify (or Enable).

If you mis-type, the codes change every 30 seconds, wait for the next one and try again. If the time on your phone is wrong by more than a minute or two, codes can fail; sync your phone's clock and retry.

When verification succeeds, MFA is on.

4. Save your recovery codes

Boardssey shows you a set of recovery codes, short strings, usually 10 of them. Save these now. Each code is single-use; you can use one of them to sign in if you lose your phone or otherwise can't get an authenticator code.

Good places to save them:

  • Your password manager (alongside your Boardssey password).

  • Printed and kept somewhere physical and safe.

  • An encrypted note in your password manager or notes app.

Bad places to save them:

  • Plain-text email to yourself.

  • A file on your desktop.

  • The same phone you use for the authenticator app (if you lose the phone, you lose both).

Once you've saved the recovery codes, click Done.

What happens next time you sign in

You'll enter your email and password as usual. Then Boardssey asks for the 6-digit code from your authenticator app. Type it in and you're in.

If you signed in via Google or Discord, you'll go through their MFA flow rather than Boardssey's, those providers manage their own second-factor.

Turning MFA off

In Settings β†’ User β†’ Multi-factor authentication, click Disable MFA. You'll need to enter a current 6-digit code to confirm, this is so someone who steals your password can't disable your MFA without also having your phone.

We recommend keeping MFA on, especially for Owners and Admins of team workspaces that hold games you care about.

Tips & common questions

Which authenticator app should I use? Any TOTP-compatible app. 1Password and Bitwarden have it built in. Authy, Google Authenticator, and Microsoft Authenticator are popular standalones. Pick one you'll back up, losing your phone is the main MFA pain point.

Can I have MFA on more than one device? Yes, most authenticator apps sync across devices, or you can scan the QR code on multiple devices during setup. You can also use one of your recovery codes from a new device once.

I lost my phone and didn't save recovery codes. See I'm locked out: MFA recovery for the steps. The short version: contact us via email; you'll need to verify your identity before MFA is reset.

Can I require MFA for everyone on my team? Not yet, MFA is opt-in per personal account today. We're tracking team-wide MFA enforcement on the roadmap.

Why did Boardssey ask me to verify my password before changing MFA? Disabling MFA or changing recovery codes is a sensitive operation, so we re-prompt for your password as a guard against drive-by takeovers (someone using your already-signed-in session).

Related articles

Related Articles
Welcome to Boardssey
I'm locked out, MFA recovery
Sign-in problems
Delete your personal account
Delete a team workspace
Did this answer your question?