Two-factor authentication (2FA) adds a second verification step every time you log in. Even if your password is stolen, an attacker cannot access your account without your phone.
Supadir uses TOTP (Time-based One-Time Password) — the same standard used by Google, GitHub, and most banks. You’ll need an authenticator app on your phone.
Recommended authenticator apps
- Google Authenticator (iOS / Android) — simple and reliable
- Authy (iOS / Android / Desktop) — supports cloud backup of your codes
- 1Password or Bitwarden — if you already use a password manager with built-in TOTP
Enabling 2FA
Go to Security settings
In your admin panel, go to Settings → Security and click Set up two-factor authentication.
Scan the QR code
Open your authenticator app and scan the QR code shown on screen. If you can’t scan it, click Show manual key and enter the code by hand.
Verify the setup
Enter the 6-digit code shown in your authenticator app to confirm the setup worked.
Save your backup codes
After verification, Supadir shows you 8 backup codes. These are single-use codes you can use instead of the authenticator app if you lose access to your phone.Save them now. They are shown only once. We recommend storing them in a password manager or printing them out and keeping them somewhere safe.
If you lose your phone and don’t have backup codes, you will be locked out of your account. Contact Supadir support to regain access.
Logging in with 2FA enabled
After enabling 2FA, every login requires:
- Your email and password (as usual)
- A 6-digit code from your authenticator app
The code changes every 30 seconds. Enter it within that window. If it expires while you’re typing, just use the next one.
Using a backup code
On the login screen, instead of entering a 6-digit code, click Use a backup code and enter one of your saved codes. Each code can only be used once.
After using a backup code, go to Settings → Security to check how many backup codes you have left. You can generate a fresh set by disabling and re-enabling 2FA.
Disabling 2FA
Go to Settings → Security and click Disable two-factor authentication. You’ll be asked to confirm with a current TOTP code before it’s turned off.
We strongly recommend keeping 2FA enabled at all times. Your admin account has full control over your catalog, including billing and listing data.