Supported authenticator apps
Rankrop uses TOTP (Time-based One-Time Password) — the same standard used by banks and major tech companies. It works with any authenticator app, including:
- Google Authenticator (iOS / Android)
- Authy (iOS / Android / Desktop)
- 1Password (iOS / Android / Mac / Windows)
- Bitwarden Authenticator
- Microsoft Authenticator
- Any other TOTP-compatible app
Enabling 2FA on your account
-
Open your Profile settings
Click your avatar or name in the bottom-left of the sidebar, then select Profile & Security.
-
Click "Enable two-factor auth"
A QR code will appear along with a text secret code (for manual entry if your app doesn't support QR scanning).
-
Scan the QR code with your authenticator app
Open your authenticator app, add a new account, and point the camera at the QR code. It will add a "Rankrop" entry that generates a new 6-digit code every 30 seconds.
-
Enter the confirmation code
Type the current 6-digit code from your authenticator app into the confirmation field and click Confirm. This verifies the QR code scanned correctly before activating 2FA.
-
Save your recovery codes
After confirming, Rankrop generates 8 single-use recovery codes. Save these immediately — store them in a password manager, secure note, or print them. They're the only way to access your account if you lose your authenticator device.
Recovery codes are only shown once at setup. If you lose your phone and don't have a recovery code, you will be locked out of your account and will need to contact support with account verification to regain access — a process that can take 24–48 hours.
Signing in with 2FA enabled
After entering your email and password, you'll be prompted to enter the current 6-digit code from your authenticator app. The code refreshes every 30 seconds — if it's about to expire, wait for the new one before submitting.
Using a recovery code
If you don't have access to your authenticator app, you can use one of your saved recovery codes instead. On the 2FA prompt screen, click Use a recovery code and enter one of your 8 codes. Each code can only be used once — after using all 8, you'll need to disable and re-enable 2FA to get new ones.
Disabling 2FA
Go to Profile & Security → Two-Factor Authentication → Disable. You'll need to confirm with your current password. Once disabled, you can re-enable it at any time to get a new QR code and new recovery codes.
Admins can enforce 2FA workspace-wide from Settings → Security. When enforced, team members who haven't enabled 2FA will be prompted to set it up on next login before they can access the workspace.