Securing Your Account With Two-Factor Authentication

Two-factor authentication (2FA) requires a second factor in addition to your password at sign-in. We strongly recommend enabling it on every account. Personal 2FA setup lives at Profile → Security.

Why 2FA matters here

Blocx accounts can buy and release phone numbers, send messages, charge cards, and reach customer data. Password-only accounts are a single phishing email away from compromise. 2FA blocks the vast majority of those attacks.

Available factors

You can enable either or both of the following at Profile → Security:

• Authenticator app (TOTP) — works with 1Password, Authy, Google Authenticator, Microsoft Authenticator, Bitwarden, or any TOTP-compatible app.
• Passkey (WebAuthn) — biometric or hardware-backed credentials such as Touch ID, Windows Hello, or a YubiKey.

Setting up either factor walks you through a one-time verification step. Once enabled, the factor is required at the next sign-in.

Signing in with 2FA

After entering your password, you're redirected to auth/2fa-verify where you'll authenticate with any enabled factor.

Managing factors

From Profile → Security you can enable a factor, disable it, or add the second factor type alongside the first. We recommend enabling both TOTP and a passkey so you have a backup if one device is lost.

Recovery

If you lose access to all of your registered factors, contact Blocx support from outside the dashboard. We require identity verification before resetting 2FA — that intentional friction is what protects you against social-engineering attacks.

Related articles

• Inviting Team Members
• Managing API Keys
• Sending One-Time Passcodes With the 2FA API