Security & MFA

Two-factor authentication (MFA)

Add a second factor so a stolen password isn't enough to access your account.

Enable it

1. Go to Settings → Security.
2. Click Enable MFA.
3. Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password, etc.). Can't scan? Enter the key shown below the QR manually.
4. Enter the 6-digit code from the app to confirm.
5. Save your backup codes somewhere safe — they let you in if you lose your device.

Signing in with MFA on

After your magic link or Google sign-in, you'll be asked for the 6-digit code from your authenticator app. Lost your device? Use a backup code.

Turn it off

Settings → Security → Disable MFA (you'll confirm with a current code).

How Kordox protects your data

• Tenant isolation — every organization's data is fully separated; one workspace can never see another's.
• Roles (RBAC) — Owner / Admin / Member control who can do what.
• Audit log — sensitive actions are recorded.
• Encrypted credentials — connector and email tokens are encrypted at rest.