Account Security
Featureflip gives you two ways to strengthen how you sign in: two-factor authentication (2FA) adds a one-time code on top of your password, and Sign in with Google lets you use your Google account instead of a separate password. Both are managed from your account, and you can use either, both, or neither.
Two-factor authentication
Section titled “Two-factor authentication”Two-factor authentication asks for a one-time code from an authenticator app in addition to your password, so a leaked password alone is not enough to sign in. Featureflip uses standard time-based one-time codes (TOTP), which work with any authenticator app — Google Authenticator, 1Password, Authy, and others.
Enabling two-factor authentication
Section titled “Enabling two-factor authentication”- Go to your Profile page.
- Find the Two-Factor Authentication card and click Set up two-factor.
- Scan the QR code with your authenticator app. If you cannot scan it, enter the shown key into the app manually.
- Enter the 6-digit code from your app and click Enable.
- Featureflip shows your recovery codes. Save them somewhere safe — see below.
Once enabled, every future sign-in asks for a code from your authenticator app after your password.
Recovery codes
Section titled “Recovery codes”When you enable 2FA, Featureflip gives you a set of recovery codes. Each code works once and is your backup way to sign in if you lose access to your authenticator app (for example, if you replace your phone). Store them somewhere separate from your password manager’s 2FA entry — printed, or in a secure note.
If you use some of your codes or want a fresh set, click Regenerate recovery codes on the Two-Factor Authentication card and confirm with your password. Regenerating invalidates your previous codes and replaces them with a new set.
Signing in with 2FA
Section titled “Signing in with 2FA”After you enter your email and password, Featureflip prompts for your one-time code. Open your authenticator app, enter the current 6-digit code, and you are signed in. If you cannot reach your authenticator, use one of your recovery codes instead.
Disabling two-factor authentication
Section titled “Disabling two-factor authentication”- Go to your Profile page.
- On the Two-Factor Authentication card, click Disable two-factor.
- Enter your password to confirm.
Two-factor authentication is turned off, and future sign-ins ask for your password only.
Sign in with Google
Section titled “Sign in with Google”You can sign up and sign in to Featureflip with your Google account instead of a password. On the sign-in screen, click Continue with Google and complete Google’s consent screen. Featureflip creates or signs you into your account from your verified Google email.
- New to Featureflip? Continuing with Google creates your account from your Google profile — no separate password to set.
- Already have a Featureflip account under the same email address? If that account’s email is already verified, signing in with Google links to it, so you can use either your password or Google going forward. If the email on the existing account has not been verified, Featureflip will not automatically link the two, as a safeguard against account takeover — verify the account first.
Sign in with Google is social login built on Google’s OAuth. It is separate from enterprise single sign-on (SAML / SCIM), which is available on the Enterprise plan — contact us if your organization needs SAML.
Next steps
Section titled “Next steps”- Team Management — invite members and manage roles for your organization
- Audit Log — review changes made across your flags and environments