Regenerate backup codes
Running low, or think your codes may have been seen? Select Regenerate backup codes, enter a current six-digit code, and Eighty-Six issues a fresh set of ten. Your previous codes stop working immediately.
The Security tab is where you decide how strictly people sign in to your restaurant’s dashboard. You can require two-factor authentication for members with particular roles, so a stolen or guessed password on its own is not enough to get in. Each member also controls their own two-factor setup from their profile. This page explains what two-factor authentication is, how to require it, what your team will experience, and how to help someone who gets locked out.
A password is one factor: something you know. Two-factor authentication (often shortened to 2FA) adds a second factor: something you have. After you type your password, you also enter a short code that changes every 30 seconds, generated by an authenticator app on your phone.
You get this code from any standard authenticator app — for example Google Authenticator, Microsoft Authenticator, 1Password or Authy. You scan a QR code once to link your account to the app, and from then on the app shows a fresh six-digit code whenever you sign in.
When you enrol, Eighty-Six also gives you a set of ten single-use backup codes. These are your safety net: if you lose your phone or cannot open your authenticator app, you can sign in with one of these codes instead. Each backup code works only once.
Instead of asking people one by one, you set a policy for whole roles. When a role is marked as required, every member who holds that role must set up two-factor authentication before they can use the dashboard.

Turning a switch off removes the requirement for that role. Members who already enrolled keep their two-factor authentication — turning the policy off simply means it is no longer forced, and they may disable it themselves if they wish.
Once a role is required, anyone holding it who has not yet enrolled is met with a Two-factor authentication required screen the next time they open the dashboard. It explains that the organization requires two-factor authentication for their role and offers two buttons: Set up two-factor authentication and Sign out. There is no way past this screen except to enrol — the rest of the dashboard stays locked until they do.
From then on, signing in has one extra step. After entering their email and password, the member is asked for the six-digit code from their authenticator app, then selects Verify. If they cannot reach their app, a Use a backup code link lets them enter one of their backup codes instead.
Whether the policy forces you or you simply choose to, the setup is the same. You manage your own two-factor authentication from your Profile.

After you verify, Eighty-Six shows your ten backup codes once. Use Copy or Download to store them somewhere safe — a password manager is ideal. You must tick I have saved these backup codes somewhere safe before the Done button becomes available, because you will not be shown these codes again.

Back on the Two-factor authentication card in your profile, a badge shows whether it is Enabled or Disabled, whether it is Required by your organization, and how many backup codes you have left. Two actions are available while it is on:
Regenerate backup codes
Running low, or think your codes may have been seen? Select Regenerate backup codes, enter a current six-digit code, and Eighty-Six issues a fresh set of ten. Your previous codes stop working immediately.
Disable
Select Disable and enter a current code (or a backup code) to turn two-factor authentication off. If your role is one the organization requires, this button is greyed out — you cannot switch off two-factor while the policy demands it.
If a member loses their phone and their backup codes, they can be locked out. An admin can clear their two-factor setup so they can sign in with just their password and enrol again fresh.

After a reset, the member can sign in with only their password. If their role still requires two-factor authentication, they will be asked to set it up again on their next visit. You cannot reset your own two-factor this way — use the Disable and Enable buttons on your own profile instead.