Setting up two-factor authentication
Required for all accounts. How to enroll, where to store backup codes.
Why 2FA is required
Your VolatilityFarmer account controls a bot that can move money. A leaked password alone shouldn't be enough for an attacker to take over. We require TOTP (time-based one-time passwords) on every account.
1. Open the enrollment page
Visit /me/totp/enroll from your profile. We'll display a QR code + a base32 secret string.
2. Scan the QR code in your authenticator app
Use any TOTP-compatible app:
- Google Authenticator (iOS / Android)
- 1Password (built into the password manager)
- Authy
- Microsoft Authenticator
- Bitwarden Authenticator
Tap "Add account" in your app, then scan the QR code. The app will start showing a fresh 6-digit code every 30 seconds.
3. Confirm with the first code
Enter the current 6-digit code from your authenticator into the confirmation field. If it matches, 2FA is enrolled. From now on, you'll be prompted for a TOTP code at every login.
4. Save your backup codes
After enrollment, we show 10 single-use backup codes. Save these somewhere safe right now — they're the only way to sign in if you lose your phone / lose your authenticator app / switch devices.
Recommended storage:
- Print them and put them in a fireproof safe.
- Save them in your password manager as a separate "secure note" entry.
- Email them to yourself at a backup address (acknowledge the trade-off — email is less secure than a password manager, but anything is better than nothing).
Do NOT store them on the same device as your authenticator app — if that device is lost or stolen, you'd lose both at once.
5. If you lose your device
See Lost your 2FA device.
Regenerating backup codes
You can regenerate backup codes at any time from /me security section. Doing so invalidates the previous set — only the new codes work after regeneration.