What is the difference between SMS 2FA and app-based 2FA?

SMS sends the code to your phone number — convenient but vulnerable to SIM-swap attacks. App-based (TOTP) generates codes locally on your device — more secure and works without mobile signal.

What if I lose my phone with the authenticator app?

Use one of the 10 recovery codes generated when you set up 2FA. Each code works once. After using all of them, contact Genju support with identity verification to regain access.

Is 2FA required on Genju?

It is strongly recommended but not mandatory. Enabling it takes 2 minutes and is the single most effective security improvement you can make to your account.

Time-based One-Time Password. A 6-digit code generated by an algorithm that changes every 30 seconds. Both your authenticator app and the server generate the same code independently — they match for 30 seconds, then expire.

Can I enable 2FA for my staff accounts too?

Yes. Each team member can enable 2FA on their own account. As an owner you can see which team members have 2FA enabled in Settings → Team.

Glossary

Two-Factor Authentication (2FA) — plain English explanation

A second layer of security that stops hackers even if they know your password.

What it is

Two-factor authentication (2FA) is a security method that requires two separate forms of verification to log into an account. The first factor is something you know — your password. The second factor is something you have — typically a 6-digit code generated by an authenticator app on your phone (like Google Authenticator or Authy), or sent to you via SMS. Even if someone steals or guesses your password, they cannot access your account without also having physical access to your second factor. This makes accounts exponentially more secure.

Why it matters for small businesses

For a business owner, 2FA protects not just your login but everything inside it — your client list, your invoices, your financial data, your automation settings, and your communication history. A single hacked account can result in client data being stolen, invoices being redirected, and business communications being compromised. Enabling 2FA takes about 2 minutes and provides a level of protection that no password alone can match.

How Genju implements it

Genju supports TOTP-based 2FA (Time-based One-Time Password) in Settings → Security. When enabled, you scan a QR code with your authenticator app. On each login, after entering your password, you enter the 6-digit code shown in the app. Genju also generates 10 one-time recovery codes when you set up 2FA — store these somewhere safe in case you lose access to your phone.

In practice

An accountant handles sensitive financial data for 40 clients. She enables 2FA on her Genju account. Three months later, her email password is compromised in a data breach. The attacker tries to log into Genju using her email and password — and fails, because they do not have her phone with the authenticator app.

Two-Factor Authentication (2FA) — plain English explanation

What it is

Why it matters for small businesses

How Genju implements it

In practice

Frequently Asked Questions

Related terms

Set up 2FA in Genju

Two-Factor Authentication (2FA) — plain English explanation

What it is

Why it matters for small businesses

How Genju implements it

In practice

Frequently Asked Questions

What is the difference between SMS 2FA and app-based 2FA?

What if I lose my phone with the authenticator app?

Is 2FA required on Genju?

What is TOTP?

Can I enable 2FA for my staff accounts too?

Related terms

Set up 2FA in Genju