Two-factor authentication (2FA)
Zestly supports time-based one-time password (TOTP) two-factor authentication for additional account security.
Setting up 2FA
- Go to Settings → Security
- Click Enable Two-Factor Authentication
- Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password, or similar)
- Enter the 6-digit code from the app to confirm setup
- Save the backup codes shown - store these somewhere safe
"The code is invalid or expired"
TOTP codes are time-sensitive and expire every 30 seconds. This error usually means:
- Your device's clock is not synchronised correctly
- You're entering an old code that has already expired
- You're using the wrong authenticator account (if you have multiple)
Fix your device clock:
- On iPhone: Settings → General → Date & Time → turn on "Set Automatically"
- On Android: Settings → General Management → Date and Time → turn on "Automatic date and time"
- On Windows: Settings → Time & Language → Date & Time → "Sync now"
After syncing the clock, try the code again.
Lost access to your authenticator app
If you've lost your phone or deleted your authenticator app:
- Use one of the backup codes you saved when setting up 2FA
- Each backup code can only be used once
If you no longer have backup codes, contact hello@zestly.com.au from the email address on your account. We'll verify your identity and reset 2FA. This process takes 1–2 business days for security reasons.
Disabling 2FA
- Go to Settings → Security
- Click Disable Two-Factor Authentication
- Enter a valid 2FA code to confirm
We recommend keeping 2FA enabled at all times, especially for accounts with access to client data.
2FA for team members
Admins can require all team members to set up 2FA from Settings → Security → Require 2FA for Team. Members will be prompted to set it up on their next login.
