Two-factor authentication and account security
Enroll an authenticator app, reset a forgotten password, recover from a lost phone, and require 2FA for your whole team.
Add a six-digit code on top of your password so a stolen email + password can't get into your Yesoma workspace. Yesoma supports TOTP authenticator apps (Google Authenticator, 1Password, Authy, Microsoft Authenticator — anything that scans a QR code).
Turn it on for yourself
- Go to
/security/mfa(paste this aftergetyesoma.comin your address bar, or use the link from a setup email if Yesoma support sent you one). - Click Set up authenticator. A QR code appears.
- Open your authenticator app and scan the code. The app starts showing a fresh 6-digit code every 30 seconds.
- Type the current code into Yesoma and click Verify.
You're enrolled. Next time you sign in, after your password you'll be asked for a code. Open your app, type the 6 digits, you're in.
Require it for your whole team
Workspace-wide MFA enforcement is currently a Yesoma-managed setting — email support@getyesoma.com from your Owner account and ask us to turn on Require MFA for your workspace. We'll flip it the same day.
What happens once it's on:
- Every existing member is bounced to the enrollment page the next time they load any Yesoma page. They can't access the inbox, settings, or anything else until they finish setup.
- New invitees get the same treatment on their first sign-in.
- No warning email is sent automatically, so give your team a heads-up before we flip it on.
To turn it back off, email support — same flow. Existing enrollments stay in place; people just stop being forced to set it up.
What sign-in looks like with 2FA on
| Step | What you do | | --- | --- | | 1 | Enter email + password as usual. | | 2 | Yesoma asks for a 6-digit code. | | 3 | Open your authenticator app, type the code, hit Verify. | | 4 | You're in. The next page load doesn't ask again for ~24 hours unless you sign out. |
If you mistype the code, you get another shot — the codes regenerate every 30 seconds, so a fresh one is always seconds away.
Lost your authenticator app?
Phone got wiped, switched devices, or just can't find the app — you can't sign in anymore. Two paths:
- Self-recovery (if your workspace doesn't require MFA): Click "Forgot password" on the sign-in screen. The recovery link signs you in once and drops you on a screen where you can remove the bad factor at
/security/mfaand enroll a fresh one. - Email Yesoma support: Send a note to
support@getyesoma.comfrom the email registered on your account. We can disable MFA on your account so you can sign in with just your password and re-enroll a new authenticator. We do this from the admin console; the action is recorded in the audit log.
If your workspace requires MFA, you'll be sent back to the enrollment page on your next sign-in to add a fresh factor.
Remove your authenticator
Go to /security/mfa → next to your authenticator, click Remove. You'll be signed back to password-only sign-in.
If your workspace requires MFA, removal kicks you to the enrollment page on the next request — you can't end up in a state where the workspace requires MFA but you don't have one.
Resetting your password
Forgot your password? On the sign-in page click Forgot password, type your email, and we'll send a recovery link via our own email pipeline. The link signs you in once and routes you to /reset-password so you can pick a new one.
If you already have 2FA on, the recovery link will ask for your 6-digit code before letting you change the password — this is intentional. A leaked email shouldn't be enough to reset your password if you've taken the trouble to enroll 2FA.
Why we built our own 2FA flow
Our enrollment + sign-in flows live inside Yesoma instead of a third-party widget so we can:
- Send recovery + setup emails through our own pipeline (not the rate-limited default), so they actually arrive.
- Show your workspace's required-MFA banner on the enrollment page so members know why they were sent there.
- Let Yesoma support help workspace Owners when a member gets locked out, with every action recorded in the audit log.
Related
More in Team
- Team5 min
Invite team members
Send a teammate an invite, pick the right role, and bring the people who help you run the business into the workspace.
Read guide - Team4 min
Staff access + impersonation
Yesoma support can open your workspace to help debug — but only when you allow it. The Settings → Staff access toggle, the read vs write distinction, the audit log of every visit, and what staff CAN'T do even when granted access.
Read guide - Team5 min
Brand your emails (logo, color, signature)
Upload a logo, set your brand color and from-address, and add an HTML or plain-text personal signature that auto-applies to every reply.
Read guide - Team4 min
Track team performance
Per-member KPIs — cases handled and closed, win rate, response time, follow-ups, and CSAT — over 7/30/90-day windows. Managers see the team; agents see only themselves.
Read guide - Team4 min
Train your team with Yesoma Academy
In-product courses and certificates for customer service and business security — how courses and assessments work, and how certificates verify.
Read guide - Team4 min
Team roles and permissions
The five workspace roles (Owner, Admin, Manager, Agent, Viewer) and exactly what each can see and do, plus how to set and change them.
Read guide - Team4 min
Review replies before they send
Have a manager approve an agent's reply in the situations you choose (complaints, refunds, low-confidence AI, missing Brain info) without slowing the rest of the inbox.
Read guide
Was this article helpful?
If something was unclear or missing, tell us and we'll fix it.
Still stuck?
We'll help you get this working. Send us a message, or ask about Managed Setup.