Skip to main content
Protect your account with two-factor authentication (2FA) and manage your password from Settings → Security.

Two-factor authentication (2FA)

LetterBucket supports TOTP (Time-based One-Time Password) as its 2FA method. This works with any standard authenticator app:
  • Google Authenticator
  • Microsoft Authenticator
  • Authy
  • 1Password
  • Any other TOTP-compatible app

Setting up 2FA

  1. Go to Settings → Security.
  2. Enter your current password to verify your identity.
  3. Open your authenticator app and scan the QR code shown on screen.
  4. Enter the 6-digit code generated by your app to confirm the setup.
  5. 2FA is now active on your account.
Recovery codes are generated automatically when you enable 2FA.

Recovery codes

Recovery codes let you access your account if you lose access to your authenticator app. Each code can only be used once.
Save your recovery codes somewhere safe when they’re shown to you. If you lose access to both your authenticator app and your recovery codes, you may be permanently locked out.
To view or regenerate your recovery codes:
  1. Go to Settings → Security.
  2. Click View Recovery Codes (requires TOTP verification and password).
  3. To generate a new set, click Regenerate — this invalidates all previous codes.
If you enter incorrect codes too many times, your account will be temporarily locked for 1 hour as a security measure.

Disabling 2FA

To remove 2FA from your account, go to Settings → Security and click Remove authenticator. You’ll need to verify with your password and a TOTP code.

Password management

You can change your password at any time from Settings → Security → Password tab. LetterBucket logs security events on your account, including:
  • Password changes
  • 2FA setup and removal
  • Failed login attempts (with IP and location)
You’ll receive a notification when any of these events occur.
We strongly recommend enabling 2FA. It’s the single most effective way to protect your account from unauthorized access.