Two-factor authentication (2FA) adds a second step when you sign in to the ReferralCandy dashboard at my.referralcandy.com: after entering your email and password, you also enter a 6-digit code from an authenticator app. Even if someone gets hold of your password, they can't sign in without that code. 2FA is optional and free, and you can turn it on or off anytime.
2FA applies to signing in directly at my.referralcandy.com. If you use ReferralCandy inside your Shopify admin, that access is protected by your Shopify sign-in instead — manage two-factor authentication for it in your Shopify account's security settings.
What you need
To set up two-factor authentication, you need a TOTP authenticator app on your phone or computer — for example Google Authenticator, Authy, Microsoft Authenticator, or 1Password. Any app that supports time-based one-time password (TOTP) codes works.
Turning on two-factor authentication
Sign in at my.referralcandy.com and go to Account > Profile.
In the Two-factor authentication section, click Set up authenticator.
Scan the QR code with your authenticator app — or enter the secret key into the app manually if you can't scan. It's worth storing the secret key somewhere safe: it lets you re-add your account to a new device later.
Enter the 6-digit code your app shows, then click Verify code.
Once the code is verified, two-factor authentication is enabled on your account — the section's status updates to reflect it.
Signing in with 2FA enabled
With two-factor authentication enabled, signing in at my.referralcandy.com works the same as before, with one extra step: after your email and password, you're asked for the current 6-digit code from your authenticator app. Open the app, enter the code shown for ReferralCandy, and you're in.
Turning off two-factor authentication
You can turn two-factor authentication off anytime from the same place: go to Account > Profile, find the Two-factor authentication section, and disable it there. You can re-enable it later — you'll just set up the authenticator again.
Two-factor authentication FAQ
Which authenticator apps work with ReferralCandy's 2FA?
Which authenticator apps work with ReferralCandy's 2FA?
Any authenticator app that supports time-based one-time passwords (TOTP) works with ReferralCandy's two-factor authentication — including Google Authenticator, Authy, Microsoft Authenticator, and 1Password. The codes come from the app itself; ReferralCandy doesn't send codes by SMS or email.
Do I need 2FA if I only use ReferralCandy inside my Shopify admin?
Do I need 2FA if I only use ReferralCandy inside my Shopify admin?
No — two-factor authentication in ReferralCandy protects the direct dashboard sign-in at my.referralcandy.com. When you open ReferralCandy from your Shopify admin, you're authenticated through your Shopify account, so it's your Shopify login that matters there — Shopify offers its own two-step authentication in your Shopify account's security settings.
What if I lose access to my authenticator app?
What if I lose access to my authenticator app?
If you've lost the device with your authenticator app, you won't be able to complete the 2FA step on your own — let us know, and our support team can verify your identity and help you regain access to your account.
If you're just moving to a new phone, the smoothest path is to set things up while you still have the old device: re-add the account in your new authenticator app using your saved secret key, or temporarily turn 2FA off and back on to scan a fresh QR code.