2FA is optional for Staff but **required** for Owner / Super Admin in Settings → Security → Require 2FA for finance roles.
Setup
1. Settings → My profile → Set up 2FA.
2. Scan the QR code with your authenticator app.
3. Enter the 6-digit code to confirm.
You'll be asked for a code on every fresh login (cached for 30 days per device).
Recovery codes
We give you 10 one-time recovery codes when you set up 2FA. Save them somewhere safe — they're the only way to log back in if you lose your phone.