Two-Factor Authentication (2FA)
Monetro supports TOTP-based two-factor authentication using authenticator apps like Google Authenticator, Authy, or Bitwarden.
Setup
- Go to Settings > Security > "Set up 2FA"
- Scan the QR code with your authenticator app
- Enter the 6-digit code to confirm
- Save your backup codes securely (one-time use, in case you lose your authenticator)
Login with 2FA
After entering your email and password, you'll be prompted for a 6-digit code from your authenticator app.
Disable 2FA
- Go to Settings > Security
- Enter your current 6-digit code
- Click "Disable 2FA"
You can also use a backup code instead of the 6-digit code (max 8 characters).
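How a server can check the second factor described above (a 6-digit TOTP code, or a one-time backup code of up to 8 characters), as an added example that is not Monetro's own code. The function names, the user object shape, the tolerance of one 30-second step either side, and storing backup codes as SHA-256 hashes are assumptions.

```javascript
// Added example: second-factor check (RFC 6238 TOTP or one-time backup code).
const crypto = require('crypto');

// RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, truncated to 6 digits.
function totp(secret, unixSeconds, step = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = crypto.createHmac('sha1', secret).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// Constant-time string comparison, so timing does not leak matching digits.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');

// user: { secret: Buffer, backupCodeHashes: string[] } (hypothetical shape).
// Returns 'totp', 'backup' or null; a matching backup code is consumed.
function verifySecondFactor(user, input, now = Date.now() / 1000) {
  const code = String(input).trim();
  if (/^\d{6}$/.test(code)) {
    // Assumption: accept one step either side to tolerate clock drift.
    for (const drift of [-1, 0, 1]) {
      if (safeEqual(totp(user.secret, now + drift * 30), code)) return 'totp';
    }
  }
  if (code.length > 0 && code.length <= 8) {
    const h = sha256(code);
    const i = user.backupCodeHashes.findIndex((stored) => safeEqual(stored, h));
    if (i !== -1) {
      user.backupCodeHashes.splice(i, 1); // one-time use: remove after match
      return 'backup';
    }
  }
  return null;
}

// Constructed sample data: RFC 6238 test secret and a made-up backup code.
const sampleUser = () => ({
  secret: Buffer.from('12345678901234567890'),
  backupCodeHashes: [sha256('k7p2x9qa')],
});
```

A production check would also record the last accepted time step per user, so a code cannot be replayed inside its validity window.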
Emergency Reset (Server-Side)
If you've lost access to your authenticator and all backup codes, an admin can reset 2FA via the server:
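```bash
# Replace USER_EMAIL with the email address of the account before running.
docker exec monetra-backend node -e "
const {PrismaClient}=require('@prisma/client');
const p=new PrismaClient();
p.user.findFirst({where:{email:'USER_EMAIL'}})
.then(u=>{
  // Stop with a clear error when no account matches the email.
  if(u==null) throw new Error('User not found');
  // Turn 2FA off and clear the TOTP secret and all backup codes.
  return p.user.update({
    where:{id:u.id},
    data:{twoFactorEnabled:false, twoFactorSecret:null, twoFactorBackupCodes:[]}
  });
})
.then(()=>console.log('2FA reset OK'))
.catch(console.error)
.finally(()=>p.\$disconnect())
"
```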
Caution: This removes 2FA entirely for the user. They should set up 2FA again immediately after regaining access.
Supported Methods
| Method | Type | Description |
|---|---|---|
| TOTP | Software | Google Authenticator, Authy, Bitwarden |
| Passkeys | Hardware/Platform | Touch ID, Face ID, YubiKey (see Passkeys guide) |
| Biometric | Mobile | Fingerprint / Face ID on iOS & Android |