Two-step verification (2FA) and passkeys
TOTP, WebAuthn passkeys and recovery codes after login.
When the second factor appears
After a successful login with email and password, if your account has 2FA enabled, Capydox shows the additional verification screen before entering the dashboard.
Supported methods
| Method | Description |
|---|---|
| Passkeys | Authentication with a security key or device biometrics (WebAuthn). |
| TOTP App | 6-digit code from an authenticator app (Google Authenticator, etc.). |
| Recovery codes | One-time use if you lose your TOTP device. |
Best practices
- Save the recovery codes in a safe place.
- Add more than one passkey if you change your main computer.
- If WebAuthn fails, make sure you are using the same origin (e.g.
localhostvs127.0.0.1) as configured on the server.
Common issues
- "Your browser does not support passkeys": use an updated browser or switch to TOTP if available.
- Incorrect code: sync your phone's clock or generate a new code.