Authenticator App (TOTP)
How to set up and use an authenticator app for two-factor authentication on your Forbidden Finance account.
Overview
An authenticator app provides two-factor authentication (2FA) for your Forbidden Finance account using time-based one-time passwords (TOTP). After entering your password during login, you also enter a 6-digit code generated by your authenticator app. The code changes every 30 seconds, which means even if someone knows your password, they cannot access your account without your phone.
Authenticator apps work offline and do not require a text message or internet connection to generate codes, making them more reliable than SMS-based 2FA.
Supported Authenticator Apps
Any app that supports TOTP (RFC 6238) works with Forbidden Finance. Popular options include:
- Google Authenticator (iOS, Android)
- Authy (iOS, Android, Desktop)
- 1Password (iOS, Android, macOS, Windows)
- Microsoft Authenticator (iOS, Android)
- Bitwarden (iOS, Android, Desktop, Browser extension)
How to Set Up an Authenticator App
Open Security Settings
In Forbidden Finance, go to Settings > Security > Authenticator App.
Tap Set Up Authenticator
Tap Set Up Authenticator. A QR code and a text-based secret key appear on screen.
Scan the QR code
Open your authenticator app and scan the QR code. If your authenticator app is on the same device, tap the text-based secret key to copy it and add it manually.
Enter the verification code
Your authenticator app immediately starts generating 6-digit codes. Enter the current code into Forbidden Finance to verify the setup.
Save your backup
Write down or securely store the text-based secret key shown during setup. This is your recovery option if you lose access to your authenticator app.
How to Sign In with an Authenticator App
Enter your email and password
Sign in with your email and password as usual.
Enter the 6-digit code
Open your authenticator app and type the current 6-digit code. Codes refresh every 30 seconds. If the code is about to expire, wait for the next one to avoid a timing mismatch.
How to Remove an Authenticator App
Open Security Settings
Go to Settings > Security > Authenticator App.
Tap Remove
Tap Remove Authenticator. You are prompted to confirm with your password.
Frequently Asked Questions
What if my code is rejected?
TOTP codes are time-sensitive. Make sure your device's clock is set to automatic. Even a one-minute difference can cause codes to be rejected. If the issue persists, wait for the next code cycle and try again.
Can I use an authenticator app and a passkey at the same time?
Yes. You can have both methods set up. During password-based login, you choose which second factor to use. Passkey sign-in bypasses both your password and authenticator entirely.
I lost my phone. How do I get back in?
If you saved the text-based secret key during setup, add it to a new authenticator app on a different device. If you did not save the backup key, contact support at support@403fin.io with proof of account ownership to regain access.
Can I switch authenticator apps?
Yes. Remove the authenticator from your Forbidden Finance account (Settings > Security > Authenticator App > Remove), then set it up again and scan the new QR code with your preferred app.
Is an authenticator app more secure than a passkey?
Both are strong options. Passkeys are slightly more secure because they are phishing-resistant -- the cryptographic handshake only works with the real Forbidden Finance app. Authenticator codes can theoretically be intercepted if you enter them on a fake site. For maximum security, use a passkey as your primary method and keep an authenticator as a backup.
Related Articles
- Passkeys: Set up the recommended phishing-resistant login method.
- Security Overview: See all security features at a glance.
- Login Problems: Troubleshoot MFA and login issues.
- Session Management: View and revoke active sessions.
Need more help? Contact us at support@403fin.io.