Security

Two-Factor Authentication

Faultlean supports two-factor authentication using a TOTP authenticator app (such as Google Authenticator, Authy, or 1Password).

To enable 2FA, go to Settings > Security > Two-Factor Authentication and click "Set up Two-Factor Authentication." Scan the QR code with your authenticator app and enter the verification code to confirm.

When you enable 2FA, you receive a set of one-time backup codes. Store these in a safe place — they can be used to sign in if you lose access to your authenticator app.

Organization owners can require 2FA for all members by enabling "Require two-factor authentication for all members" in organization settings.
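The two mechanisms described above, TOTP codes and one-time backup codes, can be verified server-side as follows. This is an added example, not Faultlean's code: it implements RFC 6238 TOTP (6 digits, 30-second steps, HMAC-SHA1) with a one-step skew window and replay protection, and stores backup codes only as hashes so a database leak does not expose them. The seed is the RFC 6238 test vector; the replay-tracking field and the backup-code format are assumptions for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"strings"
	"time"
)

// totpCode returns the 6-digit RFC 6238 code for a base32 TOTP seed at the
// given 30-second time step (HOTP per RFC 4226 with HMAC-SHA1).
func totpCode(secretB32 string, step uint64) (string, error) {
	seed := strings.ToUpper(strings.TrimRight(secretB32, "="))
	key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(seed)
	if err != nil {
		return "", err
	}
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], step)
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f // dynamic truncation
	bin := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000), nil
}

// verifyTOTP checks code against the current step and one step either side
// (clock skew). lastUsedStep is the step of the last accepted code (assumed to
// be persisted per user); steps at or below it are rejected so a code cannot
// be replayed within its window. Returns the new lastUsedStep to persist.
func verifyTOTP(secretB32, code string, now time.Time, lastUsedStep uint64) (bool, uint64, error) {
	current := int64(now.Unix() / 30)
	for delta := int64(-1); delta <= 1; delta++ {
		if current+delta < 0 {
			continue
		}
		step := uint64(current + delta)
		if step <= lastUsedStep {
			continue
		}
		want, err := totpCode(secretB32, step)
		if err != nil {
			return false, lastUsedStep, err
		}
		if subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1 {
			return true, step, nil
		}
	}
	return false, lastUsedStep, nil
}

// hashBackupCode normalises user input (case, spaces, dashes) and hashes it.
// SHA-256 keeps this example in the standard library; for short codes a slow
// hash such as bcrypt or argon2 is the stronger choice.
func hashBackupCode(code string) string {
	norm := strings.ToLower(strings.NewReplacer(" ", "", "-", "").Replace(code))
	sum := sha256.Sum256([]byte(norm))
	return hex.EncodeToString(sum[:])
}

// generateBackupCodes returns n random one-time codes to show the user once,
// plus their hashes, which are all the server keeps.
func generateBackupCodes(n int) (plain []string, hashes []string, err error) {
	for i := 0; i < n; i++ {
		b := make([]byte, 5)
		if _, err = rand.Read(b); err != nil {
			return nil, nil, err
		}
		code := hex.EncodeToString(b) // 10 hex characters (assumed format)
		plain = append(plain, code)
		hashes = append(hashes, hashBackupCode(code))
	}
	return plain, hashes, nil
}

// redeemBackupCode consumes a matching code: it returns the remaining hashes
// (to persist) and whether one matched, so each code works exactly once.
func redeemBackupCode(hashes []string, code string) ([]string, bool) {
	h := hashBackupCode(code)
	for i, stored := range hashes {
		if subtle.ConstantTimeCompare([]byte(stored), []byte(h)) == 1 {
			remaining := append([]string{}, hashes[:i]...)
			remaining = append(remaining, hashes[i+1:]...)
			return remaining, true
		}
	}
	return hashes, false
}

func main() {
	const seed = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ" // RFC 6238 test seed, base32
	ok, last, _ := verifyTOTP(seed, "287082", time.Unix(59, 0), 0)
	fmt.Println("first use accepted:", ok, "last step:", last)
	ok, _, _ = verifyTOTP(seed, "287082", time.Unix(59, 0), last)
	fmt.Println("replay accepted:", ok)
	plain, hashes, _ := generateBackupCodes(8)
	hashes, ok = redeemBackupCode(hashes, plain[0])
	fmt.Println("backup code accepted:", ok, "remaining:", len(hashes))
}
```

The skew window of one step is the usual trade-off between tolerating a slightly wrong phone clock and widening the guessing window; pair it with rate limiting on the verification endpoint, since a 6-digit code has only a million values.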

Passkeys

Passkeys provide a passwordless sign-in option using your device's biometrics (fingerprint, face recognition) or PIN. When you sign in with a passkey, you do not need to enter your password or a 2FA code.

To add a passkey, go to Settings > Security > Passkeys > Manage Passkeys, then click "Add Passkey." Follow your device's prompts to create the passkey.

You can have multiple passkeys (e.g. one per device) and remove them individually.

Password Requirements

Passwords must be at least 12 characters and include at least one lowercase letter, one uppercase letter, one digit, and one special character.

Encryption at Rest

The following fields are encrypted in the database:

  • 2FA secret — the TOTP seed used to generate verification codes.
  • Reporter payment information — PayPal email, bank details, or other payment method.
  • Linear API key — the API key used to create issues in Linear.
  • Slack bot token — the OAuth token used to post messages via the Slack Web API.
  • Slack webhook URL — the incoming webhook URL used as a fallback for Slack notifications.

Decrypted values are visible to authorized users when they are logged in (e.g., organization owners can see integration credentials on the settings page). The encryption key is system-wide, not per organization.
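Because the key is system-wide rather than per organization, the thing that keeps one organization's ciphertext from being decrypted in another's context is the authorization check in the application, not the key. The added example below (not Faultlean's code; the stored format, column names and the all-zero demo key are assumptions) shows one way to make the database layer help with that: AES-256-GCM field encryption whose associated data binds each ciphertext to its table, column and owning organization, so a value copied between rows fails to decrypt rather than silently revealing another tenant's credential.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// Stored format (assumed for this example): base64(nonce || ciphertext || GCM tag).
// One system-wide 32-byte key serves every organization, as the page describes;
// a real deployment loads it from a secrets manager, never from the database.

// fieldAAD binds a ciphertext to its table, column and owning organization.
// GCM authenticates this string, so a ciphertext moved to another row or
// column fails to decrypt instead of leaking.
func fieldAAD(table, column string, orgID int64) string {
	return fmt.Sprintf("%s.%s:%d", table, column, orgID)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New("field encryption key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptField seals a secret under a fresh random nonce; reusing a nonce with
// GCM is catastrophic, so one is drawn from crypto/rand on every call.
func encryptField(key []byte, plaintext, aad string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, []byte(plaintext), []byte(aad))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// decryptField opens a stored value. A wrong key, a flipped bit or an AAD
// mismatch all yield the same generic error so callers learn nothing extra.
func decryptField(key []byte, stored, aad string) (string, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize()+gcm.Overhead() {
		return "", errors.New("stored value too short")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte(aad))
	if err != nil {
		return "", errors.New("field decryption failed")
	}
	return string(pt), nil
}

func main() {
	key := make([]byte, 32) // constructed all-zero key, for the demo only
	token := "xoxb-constructed-example-token"
	stored, _ := encryptField(key, token, fieldAAD("organizations", "slack_bot_token", 42))
	fmt.Println("stored:", stored)
	got, err := decryptField(key, stored, fieldAAD("organizations", "slack_bot_token", 42))
	fmt.Println("same organization:", got, err)
	_, err = decryptField(key, stored, fieldAAD("organizations", "slack_bot_token", 43))
	fmt.Println("moved to another organization:", err)
}
```

The settings page that shows integration credentials to an organization owner would call decryptField only after the owner check passes; the associated data is a second line of defence for the case where a query or a migration mixes rows up, not a replacement for that check.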