Spedy Docs

Security

Configure two-factor authentication and organization-wide security policies.

Spedy provides security features to protect user accounts and enforce organization-wide policies.

Two-Factor Authentication (2FA)

Two-factor authentication adds a second verification step at login. Spedy uses the TOTP standard (Time-based One-Time Password), compatible with Google Authenticator, 1Password, Authy, and any other TOTP app.

Setting Up 2FA

  1. Go to Account → Security
  2. Click Set Up Two-Factor Authentication
  3. Scan the QR code with your authenticator app, or enter the secret key manually
  4. Enter the 6-digit code from your app to confirm
  5. Spedy shows your 10 backup codes -- save them in a safe place

After setup, every login requires your password plus a 6-digit TOTP code.

Using 2FA at Login

After entering your email and password, Spedy shows a verification screen. Enter either:

  • A 6-digit code from your authenticator app, or
  • A backup code if you don't have access to your app

Backup Codes

Each backup code is single-use. Once used, it cannot be reused. You can check how many codes remain under Account → Security.

To regenerate backup codes, click the regenerate button and confirm with a current TOTP code or an existing backup code. This replaces all remaining codes with a fresh set of 10.
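How a server can check the two kinds of second factor described above (a 6-digit TOTP code or a single-use backup code), as an added example; this is not Spedy's code. It assumes the usual authenticator-app parameters from RFC 6238 (HMAC-SHA1, 30-second step), a one-step clock-skew window, and a constructed backup-code format; the SecondFactor class and its method names are hypothetical.

```python
import hashlib, hmac, secrets, struct, time

def totp(secret: bytes, at: float, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 (assumed authenticator-app defaults)."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _digest(code: str) -> str:
    # Backup codes are stored hashed so a database leak does not expose them.
    return hashlib.sha256(code.encode()).hexdigest()

class SecondFactor:
    """Hypothetical per-user 2FA state: TOTP secret plus hashed backup codes."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1      # highest time step already accepted
        self.backup_hashes = set()

    def regenerate_backup_codes(self, n: int = 10) -> list:
        codes = [secrets.token_hex(5) for _ in range(n)]    # constructed format
        self.backup_hashes = {_digest(c) for c in codes}    # replaces all old codes
        return codes                                        # shown to the user once

    def verify(self, code: str, now: float = None, step: int = 30) -> bool:
        now = time.time() if now is None else now
        for drift in (-1, 0, 1):    # tolerate one step of clock skew
            counter = int(now) // step + drift
            # Reject steps at or before the last accepted one (replay protection).
            if counter > self.last_counter and hmac.compare_digest(
                    totp(self.secret, counter * step).encode(), code.encode()):
                self.last_counter = counter
                return True
        h = _digest(code)
        if h in self.backup_hashes:  # single-use: consume the code on success
            self.backup_hashes.discard(h)
            return True
        return False
```
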

Disabling 2FA

Under Account → Security, click Disable Two-Factor Authentication and confirm with a TOTP or backup code. This is blocked if your organization requires 2FA (see below).

Organization-Wide 2FA Enforcement

Organization admins can require all members to use two-factor authentication.

Enabling Enforcement

  1. Go to Settings → Organization
  2. Toggle Require 2FA for all members

What Happens When 2FA Is Enforced

  • Members who already have 2FA enabled are not affected
  • Members without 2FA are redirected to the security setup page on their next navigation
  • They cannot access any other page until 2FA is active
  • During login, members without 2FA must complete enrollment immediately after entering their password -- they scan the QR code, verify with a code, and save their backup codes before gaining access
  • Individual members cannot disable 2FA while the organization requirement is active