How can we help?

Manage portal 2FA resources

2FA is now mandated to secure your Manage account and prevent fraud.

Two-factor authentication methods offered by Flowroute:

  1. Email (least secure)
  2. Yubikey (requires Yubikey device)
  3. TOTP (Time-based One-Time Password)


Two-Factor Authentication Guide:

  1. Navigate to the Manage Portal → Preferences → User Profile or click this link
  2. Under Two-Factor Authentication (2FA) you are given the option to set up one type of 2FA
  3. Confirm you are authorizing Flowroute to create a second layer of security for your account.
NOTE: Flowroute can not restore access to your account if you lose the two-factor authentication information. Always securely store your backup codes.


Yubikey Method:

Make sure you have your hardware Yubikey with you before you attempt to create a 2FA using the Yubikey method. 

Backup tokens are an extra level of security in case you were to lose your Yubikey, or it is no longer accessible. 

Navigate back to the 2FA option and click the link for "Backup Tokens" then use the "Generate Tokens" button in blue to create the safe tokens. 

Keep your backup tokens in a different location to protect the account. 


App Verification Code (TOTP) Method:

TOTP 2FA options are created using a third-party software application to create timed codes that are unique to your specific account authorization key. 

Some examples of applications that are available to use on Flowroute, but are not specifically endorsed by Flowroute: 

- Google Authenticator

- 2FAS Auth


Email (least secure)

When the option is enabled on an account, Flowroute will send a separate 6-digit authentication code to the account's registered email that will be required to log in. This 6-digit code is needed to unlock the account after the initial login process. The entry box for the 6-digit code will appear before access is granted to the account.

NOTE: A Two-Step Authentication code will be required each time a new session is detected (every 24 hours or when logging in from a new browser). If a code is not received within that time: Check SPAM folders, and make sure that is not blocked or filtered.

Codes can only be used within a 10-minute window. After which the emailed code will no longer be active. If needed, another code can be sent from the Two-Step Authentication verification screen. You cannot send more than one request per minute.

  1. The email was sent to your account email address, please click the link there to confirm.


To change 2FA method you will need to disable it first:

  1. Navigate to the 2FA page and click the "Disable" button.
  2. Check the box to verify that you are about to disable the 2FA, if prompted.
  3. You'll receive an email notification.
  4. Next thing, you will be prompted to set up a new 2FA profile.