K

Two-Factor Authentication and Account Security

How to secure your Phound account with two-factor authentication and other security measures.

Two-Factor Authentication and Account Security

Your Phound account holds your phone numbers, call history, messages, voicemails, and personal settings. If someone gains unauthorized access, they could read your conversations, impersonate you, or lock you out entirely. Securing your account is just as important as the privacy features Phound provides for your phone numbers.

This guide covers how to enable two-factor authentication (2FA), which authenticator apps are supported, how to use backup codes, and security best practices to keep your account safe.

What Is Two-Factor Authentication?

Two-factor authentication (2FA) adds a second layer of security to your account beyond your password. When 2FA is enabled, logging in requires two things:

  1. Something you know — your password.
  2. Something you have — a temporary verification code generated by an authenticator app on your device.

Even if someone guesses or steals your password, they cannot access your account without also having your authenticator app. This dramatically reduces the risk of unauthorized access.

Tip: Think of 2FA as a deadbolt on top of your door lock. Your password is the lock, and 2FA is the deadbolt. Together, they are far stronger than either one alone.

How to Enable Two-Factor Authentication

Setting up 2FA on your Phound account takes just a few minutes:

  1. Launch the Phound app and navigate to Settings > Account > Security.
  2. Tap Enable Two-Factor Authentication. Phound displays a QR code on your screen.
  3. Open your authenticator app (see supported apps below) and scan the QR code. If you cannot scan it, Phound also provides a manual setup key you can type in directly.
  4. Enter the 6-digit verification code from your authenticator app into the confirmation field in Phound.
  5. Save your backup codes — Phound generates a set of backup codes after verification. Save these immediately. They are your safety net if you lose access to your authenticator app.
  6. Tap Done to complete the setup.

From this point on, every login on a new device requires both your password and a verification code from your authenticator app.

Warning: Do not skip the backup codes step. If you lose access to your authenticator app and do not have backup codes, you may be locked out of your account. Recovery without backup codes requires contacting support and verifying your identity, which can take time.

Supported Authenticator Apps

Phound supports any authenticator app that generates time-based one-time passwords (TOTP). This is the most widely used 2FA standard, and nearly all major authenticator apps support it. Here are some popular options:

Authenticator App Platform Notes
Google Authenticator iOS, Android Simple and widely used. No cloud backup.
Microsoft Authenticator iOS, Android Supports cloud backup and multi-account management.
Authy iOS, Android, Desktop Cloud-synced codes with multi-device support.
1Password iOS, Android, Desktop Built-in TOTP support if you already use it for passwords.
Bitwarden iOS, Android, Desktop Open-source password manager with TOTP support.

Any TOTP-compatible app will work. Choose the one that fits best with the tools you already use.

Understanding Backup Codes

Backup codes are one-time-use codes that let you log into your account if you cannot access your authenticator app. This might happen if you lose your phone, reset your device, or accidentally delete the authenticator app.

How Backup Codes Work

  • Phound generates 10 backup codes when you enable 2FA.
  • Each code can be used once. After you use a code, it is invalidated.
  • Backup codes do not expire, but once all 10 are used, you need to generate a new set.

How to Store Backup Codes Safely

Your backup codes are as important as your password. Store them in a password manager like 1Password or Bitwarden, write them down and keep the paper in a safe or locked drawer, or save them in an encrypted note. Do not store backup codes in an unencrypted text file, email draft, or sticky note. Anyone who finds these codes can bypass your 2FA.

How to Use a Backup Code

If you need to use a backup code during login, enter your email and password as usual, then tap Use a backup code on the 2FA verification screen and enter one of your unused codes. After using a backup code, set up your authenticator app again as soon as possible.

Generating New Backup Codes

If you have used most of your backup codes or suspect they have been compromised, go to Settings > Account > Security > Two-Factor Authentication and tap Regenerate Backup Codes.

Warning: Regenerating backup codes invalidates all previous codes. Make sure you save the new set immediately after generating them.

Creating a Strong Password

2FA is most effective when paired with a strong password. A weak password undermines your security even with 2FA enabled. Here are guidelines for creating a strong Phound password:

A strong password should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and special characters. Do not reuse passwords from other services — if another site gets breached and you use the same password for Phound, your account is at risk. Avoid common words, names, birthdays, or predictable patterns.

Consider using a passphrase — a string of random words like "correct-horse-battery-staple" — which is long, memorable, and difficult to crack. Better yet, use a password manager to generate and store a strong, random password for you. If you suspect your password has been exposed, change it immediately from Settings > Account > Security > Change Password.

Tip: You can check whether your email address has appeared in known data breaches by visiting reputable breach-notification services. If your email shows up, change your Phound password right away.

What to Do If You Are Locked Out

If you cannot access your account, here is how to recover it depending on your situation:

You Have Your Backup Codes

Use a backup code to log in (see the instructions above), then reconfigure your authenticator app.

You Lost Your Authenticator App but Have Your Password

If you still know your password but cannot generate a 2FA code, use a backup code to log in, then go to Settings > Account > Security and reconfigure 2FA with your new or reinstalled authenticator app.

You Lost Both Your Authenticator and Backup Codes

If you have lost access to both your authenticator app and your backup codes, you will need to contact Phound support for account recovery. Visit Contact Support, select Account Recovery as the issue type, and provide the email address associated with your account. Support will verify your identity through security questions and may require additional verification.

Warning: Account recovery without backup codes or authenticator access can take several business days. This process is intentionally thorough to prevent unauthorized access. Keep your backup codes stored securely to avoid this situation.

Security Best Practices

Beyond 2FA and strong passwords, here are additional steps to protect your Phound account:

  • Keep your app updated — Enable automatic updates or check regularly for Phound updates that include security patches.
  • Review active sessions — Go to Settings > Account > Security > Active Sessions to see all devices where your account is logged in. If you see a device you do not recognize, tap Log Out next to that session and change your password.
  • Be cautious with public Wi-Fi — Your data is encrypted in transit (see our privacy protection guide), but it is good practice to avoid logging into sensitive accounts on untrusted networks when possible.
  • Never share your login credentials — Phound support will never ask for your password or 2FA codes. If you receive a message requesting this information, it is a phishing attempt.
  • Set up account recovery information — Make sure your account has an up-to-date recovery email and current billing information so support can verify your identity if needed.

Tip: Set a reminder to review your account security settings every few months. A quick check of your password, 2FA status, active sessions, and backup codes can prevent problems before they start.

Still need help?

If you have questions about two-factor authentication, need help recovering your account, or want to report suspicious activity, visit Contact Support to reach our team.

Was this helpful?

Still need help?

If you couldn't find what you were looking for, our support team is ready to assist. Contact Phound Support and we'll get back to you as soon as possible.