ResytechResytech Docs
Team Management

Enable Two-Factor Authentication

How to set up SMS-based two-factor authentication on your Resytech account, save your recovery codes, and start using trusted devices.

Two-factor authentication (2FA) protects your account by requiring a verification code from your phone in addition to your password whenever you sign in. Because Resytech accounts can move real money, we strongly recommend enabling 2FA for every team member -- and especially for administrators.

This guide walks you through the full enrollment, what to expect on your next sign-in, and how to manage your trusted devices afterward.

Before you begin

  • You need a US mobile phone that can receive SMS messages.
  • You need your current Resytech password handy -- the wizard asks for it as proof of identity.
  • Have a safe place ready to store your recovery codes (a password manager is ideal).

Steps

1. Open the Security tab

  1. Click your name in the top navigation, or go to Dashboard > Profile.
  2. In the left sidebar, click Security.
  3. Find the Two-Factor Authentication card. If 2FA is not enabled yet, it shows an amber warning banner and a green Enable 2FA button.
  4. Click Enable 2FA. The enrollment wizard opens.

2. Enter your phone number

  1. In the Mobile phone number field, enter the number you want verification codes sent to. You can include spaces, dashes, or parentheses -- the format (415) 555-1234 works just as well as +14155551234.
  2. In the Confirm your password field, enter your current Resytech password.
  3. Click Send verification code.

Resytech sends a 6-digit SMS code to the number you typed in. You should receive it within a few seconds.

Tip: Standard messaging rates apply. The code is sent from the main Resytech number, not from your business's connected Twilio account (if you have one).

3. Verify the code

  1. Open your phone and check the SMS you just received. The message looks like: "Your Resytech verification code is 123456. It expires in 10 minutes. Never share this code with anyone."
  2. Type the 6-digit code into the verification input. On iPhone and modern Android browsers, the code may auto-fill from the SMS notification.
  3. Click Verify and enable.

If you typed the wrong code, you have up to 5 attempts before the code is permanently burned and you have to request a new one. If your code expired, click Back and start step 2 over.

4. Save your recovery codes

After successful verification, Resytech generates ten one-time recovery codes and displays them on screen. They look like abcd-efgh.

This is the only time you will ever see these codes. If you lose them, you have no way to retrieve them -- you can only generate a new batch (which invalidates this one). Save them now:

  1. Click Copy all to copy them to your clipboard, then paste into your password manager.
  2. Or click Download .txt to save them to a text file. Move the file somewhere safe (encrypted disk, locked cloud folder, printed and filed away).
  3. Tick the "I have saved these recovery codes somewhere safe" checkbox at the bottom. The Done button stays disabled until you do.
  4. Click Done.

Why recovery codes matter: If you ever lose your phone, break it, switch carriers, or travel somewhere without service, recovery codes are how you get back into your account. Each code works exactly once, so guard them carefully.

What happens next

  • The Two-Factor Authentication card now shows a green "Enabled" badge with your masked phone number (e.g. +1 ••• ••• 1234) and the date you enrolled.
  • Your next sign-in will require a verification code. Sign out and back in to test it -- you should see a new "Verify your identity" screen between password and dashboard.
  • A new Trusted Devices card appears below the 2FA card. It is empty until you check the "Trust this device for 30 days" box during a sign-in.

Signing in with 2FA enabled

The next time you sign in, the flow looks like this:

  1. Enter your email and password as usual, click Sign in.
  2. The screen changes to "Verify your identity" with your masked phone number.
  3. Resytech sends you a 6-digit code via SMS.
  4. Enter the code. Optionally check Trust this device for 30 days if you are signing in from your own computer.
  5. Click Verify and sign in.

Once you check the trusted-device box on a browser, you will skip the verification step entirely for the next 30 days when signing in from that same browser. You can manage this list any time from Profile > Security > Trusted Devices.

Tips

  • Trust devices you control, not shared computers. If you sign in from a friend's laptop or a hotel business center, leave the trusted-device box unchecked.
  • Keep your recovery codes synced with your password manager. If you save your password in 1Password or Bitwarden, save your recovery codes there too -- the password and recovery codes belong together.
  • You can resend the code. If your SMS does not arrive within a minute, click Didn't get a code? Resend on the verification screen. There is a 60-second cooldown between resends.
  • Daily SMS limit is 10. Across all 2FA flows -- sign-in, enrollment, recovery -- Resytech only sends 10 codes per user per 24 hours. If you hit this limit, use one of your recovery codes instead.
  • The codes expire fast. Each verification code is only valid for 10 minutes. If yours expires, request a new one.
  • Lost your phone? Use a recovery code. See Recover Account Access.

Regenerating recovery codes

If you have used some of your codes (or you suspect they may have been exposed), you can generate a fresh batch:

  1. Go to Profile > Security.
  2. In the Two-Factor Authentication card, click Regenerate recovery codes.
  3. Confirm your password and click Send verification code.
  4. Enter the SMS code you receive.
  5. Save the new batch of ten codes -- the old codes are now invalid.

Disabling 2FA

If you ever need to turn off 2FA (for example, because you are switching to a new phone number):

  1. Go to Profile > Security > Disable 2FA.
  2. Choose I have my phone (sends an SMS code to your enrolled number) or Use a recovery code.
  3. Confirm your password.
  4. Enter the verification code or recovery code.
  5. Click Disable 2FA.

After disabling, your verified phone, your recovery codes, and all your trusted devices are removed. You can re-enable 2FA at any time -- this is the supported way to change your phone number.

For more on the security model and limits, see Two-Factor Authentication.

Configure Roles and Permissions

How to create employee roles, assign administrator access, manage location permissions, and control what team members can do in Resytech.

Recover Account Access

How to sign in to Resytech when you have lost your phone or cannot receive 2FA codes, using a recovery code or by asking an administrator for help.

On this page

Before you beginSteps1. Open the Security tab2. Enter your phone number3. Verify the code4. Save your recovery codesWhat happens nextSigning in with 2FA enabledTipsRegenerating recovery codesDisabling 2FA