Two-Factor Authentication (2FA) adds a critical second layer of security to your Rackwave account. Even if someone obtains your password, they cannot log in without the second factor — a time-based code from your authenticator app. This article explains how to set up 2FA, manage backup codes, and recover access if you lose your device.
Why Enable 2FA?
- Your Rackwave account controls email delivery infrastructure, SMS sending, API keys, and billing. A compromised account could result in unauthorised sending, data exposure, or unexpected charges.
- Passwords can be stolen through phishing, data breaches on other services, or brute-force attacks. 2FA renders a stolen password useless without the second factor.
- 2FA is strongly recommended for all account owners, admins, and anyone with platform access.
Supported 2FA Methods
| Method | How It Works | Security Level | Recommended |
|---|---|---|---|
| Authenticator App (TOTP) | App generates a 6-digit code that changes every 30 seconds | Very High | ✓ Preferred |
| SMS OTP | A one-time code is sent to your registered phone number via SMS | Medium | Acceptable fallback |
| Email OTP | A one-time code is sent to your registered email address | Medium | Acceptable fallback |
How to Enable 2FA with an Authenticator App (TOTP)
- Install an authenticator app on your mobile device if you have not already done so.
- Log in to the Rackwave portal.
- Go to My Account → Security → Two-Factor Authentication.
- Click Enable 2FA.
- Select Authenticator App as your method.
- A QR code is displayed on screen. Open your authenticator app and scan the QR code.
- If you cannot scan the QR code, click Enter key manually and type the secret key shown into your authenticator app.
- Your authenticator app will now show a 6-digit code that refreshes every 30 seconds.
- Enter the current 6-digit code into the Verification Code field on the Rackwave page.
- Click Verify & Enable.
- 2FA is now active on your account.
Saving Your Backup Codes
Immediately after enabling 2FA, Rackwave provides a set of one-time backup codes. These are critical — they allow you to log in if you lose access to your authenticator app.
- You are given 10 backup codes, each usable exactly once.
- Download or print the backup codes and store them securely — in a password manager, a locked safe, or a secure offline location.
- Do not store backup codes in the same place as your password.
- Each code can only be used once. Used codes are automatically invalidated.
- If you use most of your backup codes, regenerate a new set from the Security settings page.
Logging In with 2FA Enabled
Once 2FA is active, every login requires two steps:
- Enter your email and password as usual and click Login.
- A second screen appears prompting for your 2FA code.
- Open your authenticator app and enter the current 6-digit code.
- Click Verify. You are now logged in.
The 2FA code is valid for 30 seconds. If the code expires before you submit it, wait for the next code to appear in your app and enter that instead.
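How the 6-digit code is derived from the secret key you scan or type in, and why a code stops working once its 30 seconds are up, shown as an added example that is not Rackwave's code. It assumes the RFC 6238 defaults that authenticator apps use (base32 key, HMAC-SHA-1); the sample key and the `drift_steps` allowance are constructed for illustration and are not Rackwave settings.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code lasts, as stated in this article
DIGITS = 6   # code length, as stated in this article
# Constructed sample: the RFC 6238 test key, typed the way a user might enter it.
SAMPLE_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"


def totp(secret_b32, unix_time):
    """RFC 6238 code (HMAC-SHA-1 assumed) for the 30-second step containing unix_time."""
    # Hand-typed keys are often grouped and lower-case; normalise before decoding.
    cleaned = secret_b32.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)            # restore base32 padding
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", unix_time // STEP)  # step number, 8 bytes big-endian
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def seconds_remaining(unix_time):
    """Seconds until the code shown at unix_time is replaced by the next one."""
    return STEP - unix_time % STEP


def verify(secret_b32, submitted, unix_time, drift_steps=0):
    """Server-side check. drift_steps is a hypothetical clock-skew allowance:
    each extra step accepted also lengthens the time a captured code stays usable."""
    for delta in range(-drift_steps, drift_steps + 1):
        when = unix_time + delta * STEP
        if when >= 0 and hmac.compare_digest(totp(secret_b32, when), submitted):
            return True
    return False


if __name__ == "__main__":
    code = totp(SAMPLE_KEY, 59)
    print(code, "valid for", seconds_remaining(59), "more second(s)")
    print("accepted at t=59:", verify(SAMPLE_KEY, code, 59))
    print("accepted at t=60:", verify(SAMPLE_KEY, code, 60))
    print("accepted at t=60 with one step of drift:", verify(SAMPLE_KEY, code, 60, 1))
```

Because the code depends only on the secret key and the current time, a phone clock that is out of sync produces codes the server rejects; enabling automatic time on the device is the usual fix.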
Using a Backup Code to Log In
- On the 2FA verification screen, click Use a backup code instead.
- Enter one of your saved one-time backup codes.
- Click Verify. You are logged in.
- The used backup code is invalidated immediately — it cannot be reused.
- After logging in with a backup code, immediately go to Security settings to reconfigure your authenticator app or generate new backup codes.
How to Disable 2FA
- Log in to the Rackwave portal (you will need your 2FA code to do so).
- Go to My Account → Security → Two-Factor Authentication.
- Click Disable 2FA.
- Enter your current password to confirm.
- Enter a valid 2FA code or backup code to authorise the change.
- 2FA is disabled. Your account is now protected by password only.
Lost Your Phone? Account Recovery Steps
- Attempt login using a saved backup code — this is the fastest recovery path.
- If you have no backup codes, open a support ticket from a different verified contact method.
- Subject: 2FA Recovery Request — Account Locked Out.
- Provide your registered email, company name, and any available identity verification (e.g. last invoice number, billing address).
- The support team will verify your identity and disable 2FA within 1–3 business days, after which you can log in and re-enable with your new device.