Two-step verification
A password protects your Permaura account, and everything your gateway can do sits behind it, so it's worth a second factor. Permaura supports three, and you can use more than one.
You'll find all of them under Settings → Password & security (/settings/account/security).

Email one-time codes
The simplest second factor: after your password, Permaura emails you a short one-time code to enter. Turn it on from Password & security — nothing to install.
Authenticator app (TOTP)
Use any authenticator app — 1Password, Authy, Google Authenticator, and so on.
- Under Password & security, choose to set up an authenticator app.
- Scan the QR code (or copy the secret) into your app.
- Enter the 6-digit code it shows to confirm, and save your recovery codes somewhere safe.
From then on, sign-in asks for the current code from your app.
Passkeys
A passkey replaces the password entirely with Face ID, Touch ID, Windows Hello, or a hardware security key. It's phishing-resistant and there's nothing to type.
Under Password & security, choose Add a passkey and follow your device's prompt. You can register more than one (say your laptop and your phone) so you're never locked out.
What sign-in looks like
With a second factor enabled, entering your password takes you to a Two-step verification screen (/login/2fa) where you complete the challenge — an emailed code, your authenticator code, or a passkey tap. A passkey can skip the password step altogether.
Permaura can also require a verified email address before sign-in. Verifying your email is a good idea regardless — it's how account-recovery and important notices reach you.
Two-step verification, authenticator apps, and passkeys are available to every account. Whether new sign-ups are prompted to enrol by default depends on how your Permaura instance is configured — but you can always turn any of them on yourself from Password & security.