Casa uses TOTP (Time-based One-Time Password) 2FA, which can be used with apps like Google Authenticator, Duo, or Yubico Authenticator/YubiKey. 2FA in the Casa app is used specifically for logging in to one's Casa account. 2FA does not currently protect login to our web app at app.keys.casa.
2FA protection, in this instance, is not used when sending funds, but only for signing into the Casa app on one's mobile phone, because multiple factors are already required to send funds.
2FA account protection is not currently available with the Free and Standard memberships.
How do I enable 2FA?
From your "Security" tab in the Casa app, toggle "Two-Factor Authentication" on.
This will show you a TOTP authenticator code, which you can copy from your Casa app and paste into your TOTP 2FA app like Google Authenticator.
If you already have Google Authenticator or other authentication app downloaded, your Casa app will show you the option to add Casa to your authenticator app automatically (NOTE: This feature is currently available for Android only, and will not currently work with the authenticator app "Authy").
It's a good idea to write down your backup code, or keep it saved in a password manager. Some authenticator apps allow encrypted cloud backups, which is also an option. As long as you have a backup of some kind, you can be sure that you will be able to log into Casa easily when migrating to a new phone in the future.
Scan the code using the 2FA app, or manually enter the code. If the app prompts you to select "Time Based" or "Counter Based," select "Time Based."
Your Casa app will prompt you to enter the newly-generated TOTP code from your authenticator app into the app, to confirm that the TOTP key has been correctly entered.
Once you enter it correctly, you will get a success notification.
How do I use it?
You will need to enter the newest code that your authenticator app generates each time you log into your app on your mobile device. The easiest way is to copy the code in your authenticator app, then paste it into the Casa app.
How do I disable 2FA?
You can only disable 2FA yourself if you have current access to your TOTP authentication token.
To reset your 2FA if you wish to change your token, select 2FA in your Casa app, then select "Disable." You'll be prompted to enter your current 2FA code in order to disable 2FA.
If you have previously enabled 2FA in your Casa app and do not have access to your TOTP token, you will need to contact your Client Services representative via email or phone to schedule a verification call. The Client Services representative will be able to disable TOTP for you on your account after verification.
Once 2FA is reset, you can either re-add new authentication or forego 2FA authentication moving forward.