Security and 2FA

Secure your account with two-factor authentication (TOTP)

Secure access to your account

OmniaStudio supports Google login (OAuth) and two-factor authentication (2FA) to protect your data.

Login with Google

On first access, you can use the Sign in with Google button:

  1. Select the Google account to use
  2. OmniaStudio will have access to your name and email
  3. You'll be logged in instantly

You don't need to remember a password — Google manages the authentication security.

What is 2FA (Two-Factor Authentication)

2FA adds a second security step: in addition to password/Google, you must provide a one-time code (OTP, One-Time Password) generated by an app on your phone.

Benefits:

  • Even if someone discovers your password, they can't access your account without the code
  • Protects your content and billing data

Enable 2FA

  1. Open your personal menu → Security tab
  2. Go to the Two-Factor Authentication section
  3. Click Enable 2FA
  4. Download an authenticator app on your phone (recommended: Google Authenticator, Authy, Microsoft Authenticator)
  5. Scan the QR code shown with the authenticator app
  6. You'll see 6-digit codes that change every 30 seconds
  7. Enter the current code in OmniaStudio's field
  8. Click Verify and enable

2FA is now active. On next login, you'll be asked for the code after password/Google.

Important: save the backup code (secret) in a safe place. If you lose access to your phone, you'll need it to restore the account.

Disable 2FA

If you want to turn off 2FA:

  1. Open the Security tab
  2. Go to the Two-Factor Authentication section (shows "Enabled")
  3. Enter a current code from your authenticator app
  4. Click Disable

2FA will be removed. On next login, you can access with just password/Google.

Account recovery

If you lose access to your phone (and the authenticator app):

  1. At login, when it asks for the 2FA code, select I don't have access to my device
  2. You'll be redirected to a recovery form
  3. Use the backup code you saved during setup
  4. If you don't have it, contact support ([email protected])

Prevention: save the backup code in a password manager (1Password, Bitwarden) or on paper in a secure location.

Access from untrusted devices

If you use a public computer (internet café, library):

  • Don't check "Remember me on this device" (if available)
  • Log out after each session
  • If you use 2FA, the code won't be cached

Reset your password

If you forget your Google password, reset it on the Google website (accounts.google.com).

If you use an internal password (legacy):

  1. Go to /password-reset
  2. Enter your email
  3. You'll receive a reset link via email
  4. Click the link and set a new password

Note: the reset link expires after 1 hour.

Stay safe

  • Use 2FA — especially if you have payment methods linked
  • Save your backup code — somewhere safe offline
  • Log out on public devices — always, at the end of each session
  • Change your password periodically — at least every 6 months
  • Use a verified email — make sure your email is correct (we use it for resets)

Don't:

  • ❌ Share your password with others
  • ❌ Use the same password on multiple sites
  • ❌ Click links from unverified emails saying "Verify account"
  • ❌ Save the backup code in your browser (save it offline or in a password manager)

Common questions

"I lose my 2FA codes after 30 seconds, is that normal?"

Yes, OTPs change every 30 seconds. Enter the code that is visible at that moment — it won't work once the app refreshes to a new code.

"Can I use multiple devices for the authenticator?"

Yes, you can scan the same QR code on 2-3 devices. If you lose your main phone, the app on your backup device will generate the same codes.

"What is the 'backup code' from the QR?"

It's the secret string (e.g., JBSWY3DPEBLW64TMMQ======) that generates the codes. Save it: if you lose your phone and don't have it, you can't access without contacting support.

"If I change phones, do I need to reset 2FA?"

No. Download the authenticator app on your new phone and scan the same QR (or enter the backup code manually). Codes will be synchronized.
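
How the secret turns into the 6-digit codes, and why a second device holding the same secret shows the same code: the sketch below is an added example, not OmniaStudio's code. It follows the standard TOTP algorithm (RFC 6238) with the 6 digits and 30-second step described on this page; HMAC-SHA1 (the usual authenticator-app default) and the strict `verify` check are assumptions.

```python
import base64
import hashlib
import hmac
import struct

# Example secret quoted on this page; a demo value, not a real account's secret.
PAGE_EXAMPLE_SECRET = "JBSWY3DPEBLW64TMMQ======"


def decode_secret(secret_b32: str) -> bytes:
    """Decode a base32 secret as typed by a user (spaces, lower case, missing padding)."""
    s = secret_b32.replace(" ", "").upper().rstrip("=")
    return base64.b32decode(s + "=" * (-len(s) % 8))


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: float, step: int = 30) -> str:
    """RFC 6238: the counter is the number of 30-second steps since the Unix epoch."""
    return hotp(decode_secret(secret_b32), int(unix_time) // step)


def verify(secret_b32: str, submitted: str, unix_time: float) -> bool:
    """Hypothetical strict check: only the current step's code, compared in constant time."""
    return hmac.compare_digest(totp(secret_b32, unix_time), submitted)


if __name__ == "__main__":
    import time
    now = time.time()
    phone = totp(PAGE_EXAMPLE_SECRET, now)
    backup_phone = totp("jbsw y3dp eblw 64tm mq", now)  # same secret, typed manually
    print("phone:", phone, "backup:", backup_phone, "match:", phone == backup_phone)
    print("valid for another", 30 - int(now) % 30, "seconds")
    print("accepted one step later:", verify(PAGE_EXAMPLE_SECRET, phone, now + 30))
```

Anyone who holds the secret can compute every future code, which is why it belongs in a password manager or offline storage rather than in a browser.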

"Is 2FA mandatory?"

No, it's optional. But we strongly recommend it if you use payment methods.