In addition to requiring a user to verify their email address when registering a new account, we require users to verify their phone number by inputting a 6 digit code sent to in the form of an SMS text message to the users' phone. Users will then be prompted to input SMS text codes each time that they attempt to log in to better ensure that it is truly the user that is attempting to log in to the account.
This additional layer of account security is referred to as two-factor authentication (2FA). Because RECUR enables users to seamlessly link their credit cards in order to purchase NFTs, measures such as 2FA are important for protecting your financial information and the NFTs that you hold on your RECUR account.
2FA can’t be disabled and is required whenever a user registers a RECUR account, logs in to their account, or makes changes to their 2FA method. VoIP phone numbers are not supported. For more information, see our article regarding Types of Phones RECUR Supports for 2 Factor Authentication with SMS.
2FA Methods Available
During the account registration process you will be required to verify your phone number which will be used for subsequent login attempts. Your default 2FA method will be set to SMS using the phone number you verify during account registration.
After your account is set up you can change over to TOTP 2FA using a common authenticator app (Google Authenticator, Authy, Duo) at any time. In order to change to TOTP 2FA:
Access the Account Settings in your profile
Scroll down to edit your Two-Factor Authentication and select Authenticator app. Before proceeding with the update, you will be prompted to enter the SMS code sent to your phone. You will be presented with a QR code that you can scan using any authenticator app of your choice.
Once you are successfully linked to the authenticator app, you will be required to enter the code from that app to save your selection.
If you are experiencing sign in issues related to 2FA, please refer to this article for more information.
Users have the option to remember their devices upon signing in. This will allow the user to only input the SMS code or authenticator code every 30 days. To remove this permission, update the selection in Account Settings.