Protect sign-in and sensitive merchant actions.

Passwords can be phished, reused, leaked, or guessed. 2FA adds a second proof that the person using the account still controls a trusted authenticator app or verified email inbox.

• Authenticator app is recommended for owner and admin users.
• Email one-time codes are supported for merchant users when authenticator setup is not practical.
• Use a personal work account, not a shared team inbox or shared authenticator profile.
• Enable 2FA before creating production keys, webhooks, payout methods, or live operational workflows.

• Sign in to the merchant portal.
• Open Settings from the merchant dashboard.
• Choose authenticator app setup in the two-factor section.
• Scan the QR code, or paste the manual setup key into your authenticator app.
• Enter the current 6-digit code to confirm setup.
• Save the backup codes in a password manager or approved secret store.
• Confirm the settings page shows 2FA as enabled.

• Sign in to the merchant portal.
• Open Settings from the merchant dashboard.
• Choose email code setup in the two-factor section.
• Check the verified account email inbox for the one-time code.
• Enter the code to confirm setup.
• Keep the email account protected, because future 2FA codes depend on it.

• Backup codes work once. Store them like passwords.
• Do not paste backup codes into tickets, chat, email, screenshots, or shared documents.
• If backup codes are lost or exposed, re-enroll 2FA from a trusted session.
• If you lose your authenticator, email access, and backup codes, contact Alpha support from a verified business contact path.

After 2FA is enabled, continue with API keys and webhook setup.