Two-Factor Authentication
Protect your Locari account permanently — even if your password falls into the wrong hands.
With two-factor authentication (MFA), an attacker needs both your password and access to your smartphone. Locari uses TOTP — you scan a QR code once, and your authenticator app generates a one-time code at each login.
Setup: Scan the QR code with an authenticator app (TOTP).
Login: Locari sends a 6-digit code to your email. Enter it, and optionally enable "remember device" to skip code entry on that device for 30 days.
Common Tasks
- Set up MFA — scan QR code
- Remember device for 30 days
- Remove a factor
- Recommend MFA for all team members
How to
Set up MFA
- User menu top-right > Settings > Account tab.
- In the Two-Factor Authentication section, click Set up new factor.
- Enter a memorable name for this factor, e.g. Stefan's iPhone 15 — so you can identify it later in the factor list.
- Scan the displayed QR code with your authenticator app (Google Authenticator, Authy, or Microsoft Authenticator).
- Enter the 6-digit code shown in the app right away, then click Activate factor.
- MFA is now active — at your next login you will receive a code by email.
Note the factor name. When you change your smartphone, you must remove the old factor and set up MFA again on the new device.
At Login
- Enter email and password.
- Locari sends a 6-digit code to your email address.
- Enter the code — it is confirmed automatically when 6 digits are entered.
- Optional: enable Remember this device for 30 days to skip code entry on this device for the next 30 days.
- If no code has arrived: Resend code (available after 60 seconds).
Remove Factor
- User menu top-right > Settings > Account tab.
- In the Two-Factor Authentication section, click Disable factor.
- Confirm — MFA is then deactivated.
Without MFA, your account is protected only by your password. Set up MFA on the new device before removing it from the old one.
Views and Fields
Setup Dialog
- Factor name (freely selectable, e.g. Stefan's iPhone 15)
- QR code (TOTP, displayed once only)
- Confirmation field for the 6-digit code from the app
Login Screen (MFA Challenge)
- 6-digit input field (numeric, auto-submitted on complete entry)
- Checkbox Remember this device for 30 days
- Link Resend code (after 60-second wait)
- Link Sign out (if code never arrives and support is unreachable)
Factor List (Account Settings)
- Factor name
- Creation date
- Disable factor button
Audit and History
Every MFA activation and deactivation is stored in your account security history. Locari records when a factor was set up and when it was removed.
The security history is visible to you only, not to your team. If you lose your smartphone and have no backup device, contact support@locari.ai — proof of identity is required.
Permissions and Multi-select
- Set up and remove MFA: each team member manages only their own account.
- Reset third-party factors: super-administrators only (internal Locari team) — this is an irreversible support action.
- Recommendation for teams with sensitive data: as owner, ask all team members to set up MFA — system-enforced mandatory MFA for the workspace is not currently available, but can be implemented via team policy.
- Overview of all team members: Team Management — invite members, change roles, transfer ownership.