Two-factor auth (preview)
Add an extra layer of security to your Meridian account with time-based one-time passwords. TOTP is available now as an opt-in preview for all licensed users.
How it works
Meridian uses the standard TOTP algorithm (RFC 6238). When you enable two-factor auth, the server generates a secret key and returns a QR code and a manual setup key. You scan the QR code with any authenticator app — Google Authenticator, Authy, 1Password, or Bitwarden — and the app begins generating six-digit codes that rotate every 30 seconds.
After setup, every login requires your password plus the current code from your authenticator app. Recovery codes are issued at setup time — store them somewhere safe.
Enabling TOTP
- Navigate to /dashboard/settings.
- Locate the Security section and click Enable two-factor auth.
- Scan the QR code with your authenticator app, or enter the manual setup key.
- Enter the six-digit code displayed in your app to confirm setup.
- Save your recovery codes. Each code can be used once to bypass TOTP if you lose access to your authenticator device.
Recovery codes
Meridian generates ten single-use recovery codes when you enable TOTP. Each code is a 16-character alphanumeric string. You can view and regenerate your recovery codes at any time from the Security section of your dashboard settings.
If you lose both your authenticator device and your recovery codes, account recovery requires contacting support with proof of license ownership. There is no automated bypass.
Preview limitations
- TOTP is currently enforced at login only — API key and CLI authentication flows will be added in a future release.
- WebAuthn (hardware security keys) is on the roadmap but not yet available.
- The preview is opt-in. TOTP will become mandatory for all accounts once it reaches general availability.