Two-factor authentication adds a one-time code on top of your password when you sign in. Even if someone learns your password, they can't get in without your second-factor device.
Who should turn it on
Everyone, but especially:
- Models — your account holds your earnings. Camila enforces 2FA for new models from day 1.
- Anyone with CX tokens or saved payment methods — recommended.
- Studio operators — required.
What we support
| Method | Setup time | Strength |
|---|---|---|
| Authenticator app (Google Authenticator, Authy, 1Password, Apple Passwords, Bitwarden) | 1 minute | Strongest. Codes are generated on your device. |
| Hardware key (YubiKey, Google Titan, any FIDO2/WebAuthn key) | 1 minute | Strongest. Phishing-proof. |
| SMS code | 30 seconds | Acceptable, but susceptible to SIM-swap attacks. Use it only if app/key are unavailable. |
Turning it on
- Go to Settings → Security → Two-factor authentication.
- Pick your method. For an authenticator app, scan the QR code with the app of your choice and enter the 6-digit code shown.
- Save your recovery codes. We show 10 single-use codes immediately after setup. Each one lets you sign in once if you lose your device. Print them, store them in a password manager, or write them on paper — but don't lose them.
- We sign you out of every other session and ask you to sign back in with your new second factor to confirm it works.
Lost your phone or hardware key?
Use a recovery code on the sign-in screen. Each code works once. Once you're back in, go to Settings → Security and reset 2FA — that invalidates all the old recovery codes and gives you a fresh batch.
If you've also lost your recovery codes, contact support@camila.live. Account recovery without a second factor or recovery codes can take up to 72 hours and requires you to verify your identity, because the alternative is that anyone who learns your password gets your account. We know it's frustrating; it's also what keeps your account safe from everyone else.