Başlayın

Enabling two-factor authentication (2FA) on your account.

How to add TOTP-based 2FA to your Rivervo panel — Google Authenticator, Authy, 1Password, or any TOTP app.

2 DƏQ OXUMA

Account passwords leak. 2FA means a leaked password isn't enough to log in. Set this up today.

Setup

  1. Log in to panel.rivervo.com
  2. Profile → Security → Two-factor authentication
  3. Click Enable 2FA

A QR code appears.

Scan with your authenticator app

Open one of:

  • Google Authenticator (free, simple)
  • Authy (free, syncs across devices)
  • 1Password / Bitwarden / LastPass (if you use a password manager — recommended)
  • Microsoft Authenticator (free, integrates with MS accounts)

Scan the QR code. The app shows a 6-digit code that rotates every 30 seconds.

Verify

Enter the current 6-digit code into the panel. Hit Verify.

If correct, 2FA is now active. From this moment, every login requires both your password AND a fresh code from the app.

Save backup codes

After enabling, the panel shows 8 single-use backup codes:

1: a3f7-9k2m
2: b8c4-1np5
...

Save these somewhere safe — password manager, encrypted note, printed in a safe. If you lose your phone with the authenticator, these are your only recovery path.

Each code works once. Use one → it's invalidated.

Login flow with 2FA on

  1. Enter email + password as usual
  2. Panel asks for the 6-digit code
  3. Open authenticator → type current code → submit
  4. Logged in

The panel issues a session cookie that stays valid for 6 months by default. So you only see the 2FA prompt on:

  • New device / new browser / private mode
  • After explicit logout
  • After 6 months of inactivity

Lost your phone

You have three paths in order of preference:

  1. Use a backup code. On the 2FA prompt, click "I lost my device" → enter a backup code.
  2. If you stored the QR code or seed. Scan into a new authenticator app — same codes work.
  3. Contact support. With ID verification, we can manually reset 2FA. Takes 24-48h for security verification.

Standalone authenticator apps (Google Authenticator) are tied to one device. If the phone breaks, recovery is painful.

Password manager TOTP (1Password, Bitwarden) syncs across all your devices. Phone breaks → laptop still has the codes. Far less stressful.

Disable 2FA

Profile → Security → Two-factor authentication → Disable. Requires entering a current 6-digit code.

If you've lost access entirely and want to disable, contact support with ID — same as recovery.

What 2FA doesn't protect

  • Account compromise via password reset email theft. If your email is compromised, attacker can reset password AND complete 2FA bypass via email confirmation. Protect your email account too.
  • Session hijacking on the device itself. If malware on your computer steals the session cookie, 2FA was already passed. Run a clean machine.
  • SIM swap (only if using SMS 2FA — we don't, you use TOTP).

2FA via TOTP (what we use) is resistant to SIM swap, phone number takeover, and remote password leaks. Use it.

Təhlükəsizlik və SSL bölməsində daha çox

How to install a free Let's Encrypt SSL

Enable a free Let's Encrypt SSL certificate on your Rivervo hosting account in under 2 minutes with AutoSSL.

SSL renewal — automatic vs manual.

Let's Encrypt certs renew automatically every 60 days. When manual intervention is needed and how to do it.

Security hardening checklist for shared hosting.

Eight practical security improvements you can apply in 30 minutes — none requiring root access.

Daha sualınız varmı?

Canlı dəstəklə əlaqə saxlayın — günün istənilən vaxtı 3 dəqiqədən az median cavab müddəti.

Dəstəklə əlaqə