Two-Factor Authentication

Two-factor authentication (2FA) adds an extra layer of security to your dialnote account. Even if someone gets your password, they can't sign in without the second verification step from your phone or authenticator app.

Coming soon

Two-factor authentication is actively being developed and isn't available yet. This page covers what to expect when it launches. We'll notify all users once 2FA is ready to set up.

How It'll Work#

When 2FA is enabled, signing into dialnote will require two things:

Your password — the one you already use today.
A verification code — a 6-digit code from an authenticator app on your phone.

After entering your email and password, you'll be prompted for the code. Codes rotate every 30 seconds, so they can't be reused.

This applies to email/password sign-ins. If you use social login (Google, Microsoft, or Apple), your identity provider handles its own multi-factor authentication separately.

What You Can Do Right Now#

While 2FA isn't live yet, there are several ways to keep your account secure today:

Use a strong password — dialnote requires passwords between 8 and 128 characters. Pick something unique that you don't reuse across other services.
Sign in with Google, Microsoft, or Apple — These providers support their own 2FA, so you get that extra protection through them. This is the best option if you want multi-factor security right now.
Protect your API keys — API keys are shown only once at creation time and stored as SHA-256 hashes. Keep them in a secrets manager or password vault.
Review team access — Regularly check who has access to your workspace under Settings → User Management. Remove anyone who no longer needs access.

Pro tip

Want 2FA protection today? Sign in with Google, Microsoft, or Apple and enable 2FA on that provider's account. You'll get multi-factor security for dialnote without waiting for the built-in feature.

Planned Features#

Here's what's on the roadmap for dialnote's 2FA implementation:

TOTP-based codes — Works with any authenticator app (Google Authenticator, Authy, 1Password, etc.)
Per-user control — Each team member can enable 2FA independently on their own account.
Backup options — Recovery codes for when you don't have your authenticator app handy.

Frequently Asked Questions#

Will 2FA be required or optional? It'll be optional per user. Workspace owners may get the ability to require 2FA for all team members in a future update.

Does social login already have 2FA? It depends on your provider's settings. Google, Microsoft, and Apple all support 2FA — if you've turned it on there, it protects your dialnote sign-in too.

What happens to existing sessions when 2FA launches? Current sessions won't be interrupted. You'll set up 2FA from your account settings, and it'll apply the next time you sign in.