Cadence uses magic-link sign-in by default and supports TOTP-based two-factor authentication on top. We do not support SMS 2FA because SIM swaps are too easy. Here is how to set up 2FA and what it covers.
Default: magic link
- You sign in by entering your email and clicking a one-time link in your inbox.
- Links expire after 10 minutes.
- Each link is single-use. Clicking twice does not sign in twice.
Adding TOTP 2FA
- Open Settings → Security in your dashboard.
- Click Enable 2FA.
- Scan the QR code with your authenticator app (1Password, Authy, Google Authenticator, Bitwarden, Apple Passwords).
- Enter the 6-digit code to confirm.
- Save the 10 recovery codes shown next, somewhere offline.
What 2FA covers
- All sign-in attempts after enable.
- Changing payout banking details.
- Adding a new role to the account.
- Deleting the account.
- Changing the email on file.
What 2FA does not cover
- The magic link itself, anyone with access to your inbox can still sign in. Use 2FA on your email provider.
- Active sessions opened before you enabled 2FA. Sign out everywhere from Settings if you want to force a re-auth.
Recovery codes
- 10 codes, single-use each.
- Store in a password manager or print and put somewhere secure.
- Used in place of a TOTP code when you lose access to your authenticator.
- You can regenerate new codes any time. Old codes are invalidated.
Lost your authenticator and recovery codes
Email trust@cadence.work from the email on file. We will require ID verification before disabling 2FA. Expect 2 to 4 business days. We will not skip this for any reason, even if it is your own account.
Hardware keys
WebAuthn / FIDO2 hardware key support is on the roadmap for late 2026. If you need it sooner for a specific compliance reason, email trust@cadence.work.
Anything else, trust@cadence.work. Back to help center.