Authenticator app (TOTP)
- Add an authenticator app from Settings → Security.
- Scan the setup QR code with your authenticator app.
- Enter a 6-digit code to finish setup.
- Keep your authenticator app time in sync; invalid clock drift can cause code failures.
Passkeys
- Passkeys let you sign in with Face ID, Touch ID, Windows Hello, or a hardware security key.
- Create more than one passkey (for example: laptop + phone) to avoid single-device lockout.
- Removing a passkey only removes that credential from Blueprints; it does not erase the passkey from your device keychain.
Backup codes
- Backup codes are one-time recovery codes generated during authenticator setup.
- Store them offline in a secure location (password manager vault or printed copy).
- Treat each code like a password: never share it in chat, email, or screenshots.
Trusted devices
- When you complete MFA, Blueprints can trust that device for future sign-ins.
- Use trusted devices only on personal hardware you control.
- Remove trust by signing out, clearing browser data, or disabling/re-enabling authenticator MFA.
Recovery expectations
- If you lose one factor, use another enrolled factor (for example, a second passkey or backup code).
- If you lose all enrolled factors and recovery codes, account recovery may require manual support verification and can be delayed.
- Keep at least one extra factor enrolled at all times to minimize lockout risk.