Hydra logoHydra · Hydra Support

Configuration

Two-factor authentication

Protect your Hydra account with a TOTP authenticator app, and optionally require 2FA for your whole workspace.

Two-factor authentication

Two-factor authentication (2FA) adds a second check at sign-in: after you enter your password, Hydra asks for a 6-digit code from an authenticator app on your phone. Anyone who steals your password still can't get in without your phone.

Hydra uses the industry-standard TOTP (Time-based One-Time Password) method. You can use any of the common authenticator apps — Google Authenticator, 1Password, Authy, Microsoft Authenticator, Bitwarden, Aegis, etc. — whichever you already have.

Enroll your own account

  1. Go to Settings → Security & 2FA.
  2. Click Enable 2FA.
  3. Scan the QR code with your authenticator app, or type the secret key in manually if your app doesn't scan QR codes.
  4. Enter the 6-digit code your app shows for Hydra, then click Verify & enable.

From your next sign-in onward, Hydra will ask for a fresh 6-digit code after your password.

Sign in with 2FA

  1. Enter your email + password as usual.
  2. Hydra redirects you to a page asking for your 6-digit code.
  3. Open your authenticator app, find the Hydra entry, and type the code shown.
  4. You're in.

Codes rotate every 30 seconds — if a code is about to expire, wait for the next one rather than submitting a stale one.

Turn 2FA off

  1. Go to Settings → Security & 2FA.
  2. Click Disable 2FA and confirm.

Your account falls back to password-only protection. You can re-enroll at any time.

Require 2FA for the whole workspace (Owner-only)

Workspace Owners can force every teammate to enroll 2FA before they can access the dashboard.

  1. Go to Settings → Security & 2FA.
  2. Scroll to Workspace policy.
  3. Tick Require 2FA for all teammates.

Effect:

  • Any teammate who hasn't enrolled 2FA will be redirected to the Security page on their next sign-in and asked to enroll before they can use anything else.
  • Teammates who have already enrolled are unaffected — they continue signing in as before.

To turn it off again, untick the box. Anyone mid-enrollment stays where they are; no one is forced out.

Lost your authenticator app?

Hydra doesn't store recovery codes today. If you lose access to your authenticator app:

  1. Ask another Owner or Admin in your workspace to go to Team → Members, remove you from the workspace, and re-invite you.
  2. Accept the fresh invite with a new password.
  3. Enroll 2FA again on the new device.

If you're the only Owner and you've lost access, contact Hydra support — we can reset your factor after we verify your identity.

We'll add self-serve recovery codes in a future release.

Troubleshooting

"Invalid code" on sign-in even though I just copied it. Your phone's clock might be out of sync. TOTP codes only work if both sides agree on the current time to within ~30 seconds. On iOS: Settings → General → Date & Time → Set Automatically. On Android: Settings → System → Date & time → Use network-provided time.

Enrollment QR code won't scan. Use the secret key shown under the QR code — most authenticator apps have a "enter setup key manually" option. Pick Time-based if it asks.

I enabled 2FA but didn't save the code and got locked out. Follow the lost-authenticator-app steps above. As long as another Owner or Admin can reach the Members page, they can reset you by removing and re-inviting.