Security & 2FA
Enable two-factor auth, manage sessions, set a PIN, and recover access if you lose a device.
OnCloudWine handles a lot of sensitive data: member addresses, payment methods on file, tax-rate configurations. The Security tab is where you put guard-rails on your account so a stolen laptop or phished password doesn't become a bigger incident.
We recommend all three: a strong password, 2FA, and a PIN for sensitive actions. Each adds a different kind of protection.
Where to find it
Settings → Account → Security.
Settings · Account · Security
Protect your account with password, 2FA, and a PIN.
Change password
Click Change password
Form opens with three fields: current password, new password, confirm.
Enter a strong password
Minimum 8 characters with at least one number. Longer passphrases are stronger; try a memorable sentence.
Save
All other sessions are signed out. You stay signed in on the device you used to make the change.
Two-factor authentication (2FA)
We support TOTP (time-based one-time passcodes), the standard 6-digit codes from apps like 1Password, Authy, Google Authenticator.
Enable
Click Enable 2FA
A QR code and 16-character backup secret appear.
Scan the QR code
Open your authenticator app and scan. The app starts generating codes.
Confirm with a code
Enter the current 6-digit code to verify the setup worked.
Save your recovery codes
A list of one-time recovery codes is shown. Copy them somewhere safe. They're your only path back in if you lose your phone.
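What the authenticator app and the server each compute from the setup secret during the enable flow above, as an added example (not OnCloudWine's code). It assumes the 16-character secret is base32-encoded and that the RFC 6238 defaults apply (HMAC-SHA1, 30-second step); this page states neither.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per code: RFC 6238 default, assumed (not stated on this page)
DIGITS = 6   # code length described on this page


def decode_secret(secret):
    """Decode a base32 setup secret; spaces and letter case are ignored."""
    cleaned = secret.replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def hotp(key, counter):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret, at=None):
    """Code an authenticator app shows at Unix time `at` (default: now)."""
    now = time.time() if at is None else at
    return hotp(decode_secret(secret), int(now // STEP))


def verify(secret, code, at=None, window=1):
    """Server-side check that tolerates +/- `window` steps of clock drift."""
    if not (code.isascii() and code.isdigit() and len(code) == DIGITS):
        return False
    now = time.time() if at is None else at
    key, counter = decode_secret(secret), int(now // STEP)
    ok = False
    for step in range(max(counter - window, 0), counter + window + 1):
        # Constant-time compare, and no early exit on the first match.
        ok |= hmac.compare_digest(hotp(key, step), code)
    return ok


if __name__ == "__main__":
    sample = "GEZD GNBV GY3T QOJQ"  # constructed 16-character sample, not a real secret
    print("code now:", totp(sample), "| accepted:", verify(sample, totp(sample)))
```

Anyone who holds the setup secret can generate valid codes, so store it as carefully as the recovery codes.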
What 2FA covers
| Action | Requires 2FA? |
|---|---|
| Sign-in | Yes, every sign-in once 2FA is enabled. |
| Change email | Yes. |
| Change password | Yes. |
| Delete account | Yes. |
| Day-to-day work | No. Once you're signed in, 2FA is not re-prompted for normal actions. |
Recovering if you lose your device
If you lose your phone:
Use a recovery code
On the 2FA prompt, click Use recovery code and enter one of the codes you saved at setup. Each is single-use.
Disable 2FA
Once signed in, go to Security and disable 2FA so you can re-enroll on your new phone.
Re-enable on the new device
Run through the enable flow again. You'll get a new set of recovery codes; save these too.
If you've lost both your device and recovery codes, contact support. Recovery requires identity verification and isn't instant.
PIN
A PIN is a separate, short numeric code OnCloudWine prompts for on sensitive in-dashboard actions: deleting an organization, revoking API keys, force-cancelling a release.
Set a PIN
From the Security tab, click Set PIN. Enter and confirm a 4–6 digit PIN.
Confirm with current password
Required to set or change the PIN.
Use it
Sensitive actions now show a PIN prompt before executing.
The PIN is not a 2FA replacement. It's a friction layer for irreversible actions, designed to make accidents harder.
Connected accounts
If you signed up via Google or Apple, the OAuth provider appears under Connected Accounts. From here you can:
- Disconnect a provider (you'll fall back to password sign-in)
- Re-connect after disconnecting
- See the email and provider account ID linked
If you signed up via Google and never set a password, disconnecting Google will lock you out. Set a password first; there's a one-click link from the disconnect modal.
Sessions
The Sessions list shows every active session on your account, with:
- Device and browser
- Approximate location (from IP)
- Last activity time
- "Current session" tag on the one you're using now
Signing out other sessions
Click Sign out on any row to revoke that session. The device using it will need to sign in again. Use the Sign out all other sessions button to revoke everything except your current device, which is useful after a lost laptop.