Two-factor authentication (2FA) means that knowing your password is not enough to sign in — an attacker also needs a one-time code from your email. We strongly recommend turning it on, especially if you own a workspace.
How 2FA works on Zendrhax
We use email-based one-time codes (OTP). When you sign in:
- You enter your email and password as usual.
- Instead of dropping you into the platform, we email you a 6-digit code.
- You enter the code on the next screen.
The code expires in 5 minutes. If it expires before you enter it, the screen has a Resend code button (rate-limited so a bot can't spam codes).
Enable 2FA
- Sign in.
- Open
/settings. - Scroll to Two-factor authentication.
- Click Enable 2FA.
That's it — the next time you sign in, the flow asks for a code.
Disable 2FA
Same place, click Disable 2FA. We'll ask you to confirm with your password.
What if I lose access to my email?
Email-based 2FA is convenient but means that if you also lose access to your email account, you can't get into Zendrhax.
If this happens, write to support@zendrhax.com from any email address with as much identifying information as possible. We'll work through the recovery options manually.
Suspicious-login alerts
Independent of 2FA, the platform watches for signs that someone other than you might be signing in — a brand-new device, a new country, an unusual IP. When that happens we send you a notification email so you can react.
You can review your recent logins at /settings → Active sessions. If something looks wrong:
- Click Revoke all other sessions.
- Change your password.
- Enable 2FA if you hadn't already.