Multi-factor authentication

DealRadar uses TOTP (time-based one-time password) for second-factor authentication on privileged actions. Any standard authenticator app works — 1Password, Authy, Google Authenticator, Microsoft Authenticator, Bitwarden.

When MFA is required

MFA is enforced on the actions that change the shape of your workspace or remove data. Specifically:

  • Renaming the organization
  • Changing a teammate's role (Admin / RevOps / Manager / Rep)
  • Removing a member
  • Deleting the organization
  • Account deletion (GDPR Art. 17)

Day-to-day actions — scoring deals, importing CRM data, viewing dashboards, exporting data — do not require MFA. The gate is only on actions that touch workspace identity or membership.

How to enroll

  1. Open Settings → Account
     Sign in to app.trydealradar.com and click Settings in the sidebar, then the Account tab.

  2. Click "Set up MFA"
     A QR code appears alongside a 6-digit verification field.

  3. Scan with your authenticator app
     In your authenticator app, choose Add account → Scan QR code and point your camera at the QR code. The app will start generating 6-digit codes that rotate every 30 seconds.

  4. Enter the current code
     Type the 6-digit code into DealRadar and click Verify. Once verified, MFA is active and admin actions will accept this authenticator.

What you'll see at the action

When you trigger an MFA-gated action — say, changing a teammate from Rep to Manager — DealRadar will prompt for a fresh 6-digit code before completing the change. If you dismiss the prompt or enter an invalid code, the change is rejected with an MFA_REQUIRED error and the workspace is left unchanged.

The verification window aligns with your authenticator app's 30-second rotation. If the code times out while you're typing, just enter the next one.
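The rotation described above, as an added example that is not DealRadar's code: a standard RFC 6238 TOTP check showing why a code typed just after the 30-second boundary fails and the next one succeeds. It assumes HMAC-SHA1 (the authenticator-app default), a strict one-step window, and single use of each step (an RFC 6238 recommendation, not something this page states); the secret is the RFC's published test value.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per code, as stated on this page
DIGITS = 6    # code length, as stated on this page
SECRET = b"12345678901234567890"   # constructed: RFC 6238 test secret


def totp(secret: bytes, at: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 code for the time step that contains Unix time `at`."""
    counter = struct.pack(">Q", at // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical server-side check: current step only, each step used once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used_step = -1

    def verify(self, code: str, now: int) -> bool:
        step_index = now // STEP
        if step_index <= self.last_used_step:
            return False                         # code for this step already spent
        expected = totp(self.secret, now)
        # Constant-time comparison on bytes avoids leaking matching digits.
        if not hmac.compare_digest(expected.encode(), code.encode()):
            return False
        self.last_used_step = step_index
        return True


if __name__ == "__main__":
    v = Verifier(SECRET)
    shown = totp(SECRET, 1111111109)             # last second of one step
    print("code on screen:", shown)
    print("typed 2s later:", v.verify(shown, 1111111111))    # step rolled over
    fresh = totp(SECRET, 1111111111)
    print("next code:", fresh, v.verify(fresh, 1111111111))
    print("same code again:", v.verify(fresh, 1111111112))   # replay rejected
```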

Replacing or removing your authenticator

If you change phones or want to switch authenticator apps:

  1. Go to Settings → Account
  2. Click Remove MFA and confirm with a current 6-digit code from the existing authenticator
  3. Click Set up MFA again to enroll the new device

Removing MFA on its own does not disable the requirement for admin actions — it just de-enrolls your device. You'll need to re-enroll before you can perform another MFA-gated action.

If you're locked out

Lost your phone or your authenticator app entries? You can still sign in normally and use every non-admin feature — only the privileged actions are gated. To get a new authenticator enrolled, email support@trydealradar.com from the address on the account. We'll verify ownership and reset MFA so you can re-enroll a new device.

For accounts on Enterprise plans with a designated security contact, the reset is handled per the procedure documented in your DPA.

Why TOTP and not SMS?

SMS-based codes are vulnerable to SIM-swap attacks and carrier interception. TOTP codes are generated on your device rather than sent to it over the phone network, and each code stays valid for only 30 seconds, so the factor stays on a device the attacker would need physical access to. For more detail on our broader security posture, see the Security page.

Support

Stuck on enrollment or seeing unexpected MFA prompts? Email support@trydealradar.com and we'll help you get sorted.