build 3.0.0 · aes-256-gcm / post-quantum · eu/de · ram only
Help / Set up your authenticator

Set up your authenticator app.

About 3 minutes. One-time setup. Paramant uses SHA-256 TOTP — works with Raivo (iOS), Aegis (Android), 1Password, Bitwarden, Authy, Ente Auth, and 2FAS. Google Authenticator and Microsoft Authenticator do not work (SHA-1 only).

1

Install an authenticator app

Pick one — all are free:

  • Raivorecommended iOS — open source, iCloud backup, single-device
  • Aegisrecommended Android — open source, encrypted local backup
  • 1Password — syncs across devices, family and team plans available
  • Bitwarden — free, open source, works on all platforms
  • Authy — cloud backup, multi-device
  • Ente Auth — open source, E2E-encrypted cloud backup
  • 2FAS — iOS/Android, browser extension companion

Install on your phone before continuing.

2

Open your Paramant setup link

You received a setup link in your welcome email. It looks like:

https://paramant.app/auth/setup?token=XXXXXXXX

Click it on your computer. The link expires 14 days after issue.

If your link has expired, request a new one at paramant.app/auth/request-reset.

3

Scan the QR code

Open your authenticator app on your phone and add a new entry:

  • Raivo (iOS) — tap + → "Scan QR Code"
  • Aegis (Android) — tap + → "Scan a QR code"
  • 1Password — tap + → "Scan QR Code"
  • Bitwarden — Add item → Login → Authenticator key → Scan QR
  • Authy — tap + → "Scan QR Code"

Point the camera at the QR code on paramant.app. The app shows a 6-digit code that changes every 30 seconds.

4

Confirm it works

Type the current 6-digit code from your app into the paramant.app setup page. Click Confirm setup.

If it says "Invalid code", check that your phone's time is set automatically (Settings → General → Date & Time → Set Automatically). TOTP depends on accurate time.

5

Save your backup codes

After confirming, you'll see 10 backup codes. Each can be used once if you lose access to your authenticator app.

Save them in at least one of these places:

  • In your password managerrecommended — 1Password, Bitwarden, etc. as a secure note
  • Printed copy — print and keep in a locked drawer or safe
  • Encrypted file — password-protected ZIP or encrypted note

Don't store backup codes in plain text files, email, unencrypted cloud notes (iCloud Notes, Google Keep), or phone camera roll.

You're done

From now on, sign in at paramant.app/auth/login with your email and the current 6-digit code from your app. Sessions last 1 hour.

Troubleshooting

"Invalid code" when I know it's correct

Phone time drift is the most common cause. Enable automatic time on your phone (Settings → General → Date & Time → Set Automatically).

Also possible: the code was already used in the last 90 seconds. Wait 30 seconds for a fresh code and try again.

"Setup link expired"

Request a new link at paramant.app/auth/request-reset.

"All backup codes used"

Contact privacy@paramant.app with your account details. We'll verify your identity and manually reset your authenticator setup.

I lost my phone / authenticator app

Use one of your backup codes to sign in, then re-enroll a new authenticator app from your account settings. If you've used all backup codes, contact privacy@paramant.app.

Related

Backup codes

What they are, when to use them, how to regenerate.

API key or TOTP?

When to use which authentication method.