You can now add two-factor authentication (2FA) to your DodgeTax account. It's optional, takes under a minute to set up, and works with any TOTP authenticator app.

Why 2FA Matters for Bank Statement Data

Bank statements contain sensitive financial information — account numbers, transaction histories, balances. If you're processing client statements as part of your work, that data is doubly sensitive. A compromised account doesn't just expose your files, it exposes your clients'.

Two-factor authentication adds a second layer of protection beyond your password. Even if someone obtains your password, they can't access your account without the code from your authenticator app.

How to Set It Up

The whole process takes about 60 seconds:

  1. Go to Settings — log in and click your profile or navigate to your Settings page
  2. Click "Enable MFA" — this starts the setup wizard
  3. Scan the QR code — open your authenticator app (Google Authenticator, Authy, Microsoft Authenticator, or any TOTP app) and scan the code. You can also enter the key manually if you prefer
  4. Enter the 6-digit code — type the code your app generates to confirm it's working
  5. Save your recovery codes — you'll get 8 one-time backup codes. Download or copy them somewhere safe. These are your way back in if you lose access to your authenticator app

That's it. From now on, logging in will ask for your password and then a 6-digit code from your app.

Recovery Codes

During setup, you'll receive 8 recovery codes. Each code can only be used once. Keep them somewhere secure — a password manager, a printed sheet in a safe place, or a secured notes app.

If you lose your phone or uninstall your authenticator app, these codes are the only way to get back into your account. We can't bypass 2FA for you, so treat them like a spare key.

What Happens at Login

Once 2FA is enabled, your login flow adds one step:

  1. Enter your email and password as usual
  2. You'll be asked for a 6-digit code from your authenticator app
  3. Enter the code and you're in

If you don't have your authenticator app handy, you can switch to entering a recovery code instead. Remember, each recovery code is single-use.

Lockout Protection

To protect against brute-force attacks, accounts are temporarily locked after 5 failed 2FA attempts. The lockout clears automatically after 15 minutes. This means even if someone has your password, they can't keep guessing codes.

Turning It Off

If you need to disable 2FA, go to Settings and click "Disable MFA." You'll need to confirm your password. Your authenticator app entry and recovery codes will be invalidated immediately.

Which Apps Work?

Any app that supports TOTP (Time-based One-Time Passwords) will work. The most common ones:

  • Google Authenticator — simple, works on iOS and Android
  • Authy — supports cloud backup and multiple devices
  • Microsoft Authenticator — good if you already use it for work accounts
  • 1Password / Bitwarden — many password managers have built-in TOTP support

We recommend using an app that supports backup or multi-device sync, so you don't lose access if you switch phones.

Enable 2FA Now

Protect your account in under a minute.

Go to Settings