UkrainianUA
imageUA imageEN

How to Set Up Two-Factor Authentication on UniLink (Protect Your Account)

By UniLink May 02, 2026 10 min read
How to Set Up Two-Factor Authentication on UniLink (Protect Your Account)


How to Enable Two-Factor Authentication on UniLink (Secure Your Account)

Two-factor authentication adds a second layer of protection so your account stays safe even if someone gets hold of your password. This guide covers setup, backup codes, and recovery.

TL;DR: Go to Settings → Security → Enable 2FA, scan the QR code with Google Authenticator or Authy, enter the 6-digit code to confirm, and save your backup codes in a safe place. From that point on, logging in requires both your password and a one-time code.

A password alone is no longer sufficient protection for any account that matters. If your password is reused across sites, guessed by a brute-force attack, or exposed in a data breach, anyone who obtains it can log in to your UniLink account, access your subscriber list, tamper with your store, or lock you out by changing your email. Two-factor authentication (2FA) prevents this by requiring a second piece of evidence — a time-sensitive code from an app on your phone — that an attacker would need physical access to your device to produce.

What Two-Factor Authentication Covers

UniLink's 2FA uses the Time-based One-Time Password (TOTP) standard. This means it works with any standard authenticator app, including Google Authenticator, Authy, Microsoft Authenticator, and 1Password. You do not need any specific app — all TOTP apps generate the same valid codes for any given account.

Once enabled, every login from a new or unrecognized device requires your password plus a 6-digit code from your authenticator app. The code refreshes every 30 seconds and is valid only for one login attempt. An attacker with only your password cannot log in without also having your phone.

When you set up 2FA, UniLink provides a set of one-time backup codes. These are used when your phone is unavailable — for example, if it is lost, stolen, or out of battery. Each backup code works exactly once. After use, it is invalidated. Store your backup codes somewhere secure and separate from your phone, such as a printed sheet in a safe location or inside a password manager.

How to Get Started

  1. Log in to your UniLink account — Go to unil.ink/login and enter your credentials. 2FA setup requires an active session.
  2. Open Settings → Security — Click your profile avatar in the top-right corner of the dashboard, select "Settings", then navigate to the "Security" tab.
  3. Click "Enable Two-Factor Authentication" — A setup modal opens with a QR code and a text-based secret key below it.
  4. Open your authenticator app — Install Google Authenticator, Authy, or any TOTP-compatible app on your phone if you do not have one yet. Tap "Add account" or the "+" button.
  5. Scan the QR code — Point your phone camera at the QR code shown on the UniLink setup screen. The app adds a "UniLink" entry with your email address and starts generating 6-digit codes.
  6. Enter the current 6-digit code — Type the code shown in your authenticator app into the verification field on the UniLink setup screen. You have 30 seconds before it refreshes — if you are slow, just wait for the next code. Click "Confirm".
  7. Save your backup codes — UniLink displays 8–10 one-time backup codes. Download the text file or copy them to a password manager. Click "Done" to complete setup.

Step-by-Step Guide

  1. Choose Authy over Google Authenticator if you can — Authy backs up your 2FA accounts to the cloud (encrypted), so you can restore them on a new phone. Google Authenticator requires manual transfer. Either works, but Authy reduces the risk of being locked out if your phone is lost.
  2. Use the manual entry key if the QR code does not scan — Below the QR code, UniLink shows a text-based secret. In your authenticator app, choose "Enter setup key manually" and type or paste the secret. The result is identical to scanning.
  3. Verify the code successfully before closing the setup modal — 2FA is not active until you enter a valid code and click "Confirm". If you close the modal without confirming, 2FA is not enabled and you need to start from step 3.
  4. Store backup codes in at least two places — A printed copy in a physical safe and a digital copy in a password manager is the standard approach. Storing them only on your phone defeats their purpose — if you lose the phone, you need the codes to get back in.
  5. Test the login flow immediately after setup — Log out and log back in to confirm that the 2FA prompt appears and your authenticator code is accepted. This confirms setup worked before you rely on it.
  6. Do not screenshot the QR code and store it in your phone's camera roll — If your phone is compromised, the attacker gets access to both your stored passwords (if any are in the browser) and the 2FA secret. Store the backup codes separately instead.
  7. Regenerate backup codes periodically — In Settings → Security, you can invalidate old backup codes and generate a fresh set. Do this if you have used several codes or if you suspect someone may have seen them.

Key Settings Explained

SettingWhat it controlsBest practice
Enable 2FA (Settings → Security)Activates TOTP-based second factor for all loginsEnable this as soon as you set up your account, before any sensitive data is stored.
Authenticator appGenerates the 30-second rotating 6-digit codesUse Authy for cloud backup, or Google Authenticator if you prefer no cloud dependency.
Backup codesOne-time codes for logging in when your phone is unavailableStore in a password manager and a printed physical copy. Each code works once only.
Regenerate backup codesInvalidates all existing backup codes and issues a new setRegenerate if any codes have been used or potentially seen by someone else.
Disable 2FA (Settings → Security)Removes the second factor requirement from loginsOnly disable temporarily when migrating to a new phone. Re-enable immediately after.
Pro tip: When setting up a new phone, do not delete the old authenticator app until you have confirmed the new phone's app generates valid codes for your UniLink login. Transfer first, verify second, delete old app third. Skipping this order is the most common reason people get locked out during phone upgrades.

How to Get the Most Out of It

Enabling 2FA is one of the most effective security actions you can take for your UniLink account, but it is only as strong as your backup codes management. The most common way people lose access to a 2FA-protected account is not an attack — it is losing their phone without having backup codes stored elsewhere. Treat backup codes with the same seriousness as a spare house key.

If you manage a UniLink account for a brand or team, consider the operational implications of 2FA. If only one person has the authenticator app and they leave the team or lose their phone, the rest of the team may be locked out. Use a shared authenticator entry in a team password manager like 1Password Teams or Bitwarden Organizations so multiple trusted people have access to the code generator.

Combine 2FA with a strong, unique password for maximum protection. A long, random password from a password manager plus 2FA means an attacker would need to break strong cryptography AND physically steal your phone to access your account. In practice, accounts with both protections are never targeted because easier targets exist.

Review your active sessions periodically in Settings → Security → Active Sessions. If you see a location or device you do not recognize, use "Log out of all devices" to clear everything, then change your password and confirm your 2FA setup is still intact. This combination — forced logout, password change, 2FA active — is the complete response to a suspected unauthorized access event.

Troubleshooting Common Issues

ProblemLikely causeFix
6-digit code rejected during loginPhone clock out of sync — TOTP requires accurate timeEnable automatic time zone and time setting on your phone. In Google Authenticator, use "Time correction for codes" in the app settings.
Locked out — no access to phone and no backup codesPhone lost or app deleted before backup codes were savedContact UniLink support with your account email and identity verification details. Recovery takes 1–2 business days.
QR code will not scanCamera focus or screen brightnessIncrease screen brightness, hold the phone closer, and ensure the QR code is fully visible. Alternatively, use the manual secret key entry option.
Backup codes not workingEach code is single-use; already-used codes are invalidUse a fresh code from your backup list. If all are used, log in with your authenticator and regenerate a new backup code set from Settings → Security.

Pros

  • Blocks unauthorized access even if your password is stolen
  • Works with any TOTP-compatible authenticator app
  • Backup codes provide a reliable fallback when your phone is unavailable
  • Setup takes under three minutes and is a one-time process

Cons

  • Losing your phone without backup codes can result in a lengthy support-based recovery
  • Adds an extra step to every login on unrecognized devices
  • Requires deliberate backup code management to avoid lockout risk

Frequently Asked Questions

Which authenticator app should I use with UniLink?

Any TOTP-compatible app works. Authy is recommended for most users because it backs up your accounts securely to the cloud, making phone replacement painless. Google Authenticator is a good choice if you prefer no cloud involvement. Microsoft Authenticator and 1Password also work correctly.

What do I do if I get a new phone?

Before switching phones, use your current authenticator to add the UniLink account to the new phone's authenticator app by scanning the QR code or using backup codes. Confirm the new app generates valid codes, then you can safely remove the entry from the old phone.

Can I disable 2FA temporarily?

Yes, from Settings → Security → Disable Two-Factor Authentication. You will be asked to enter a current 2FA code to confirm the change. Only disable it when necessary, such as during a phone migration, and re-enable it as soon as possible.

What happens if I run out of backup codes?

Log in using your authenticator app (not a backup code), then go to Settings → Security → Regenerate Backup Codes. A fresh set of codes is issued and all old ones are invalidated. Download or copy the new ones immediately.

Does 2FA protect me from phishing?

It raises the bar significantly. If a phishing site captures your password, the attacker still cannot log in without a valid 2FA code, which expires in 30 seconds. Real-time phishing attacks that relay the code instantly are possible but rare and targeted. For most users, 2FA stops the vast majority of account takeover attempts.

Key Takeaways

  • Enable 2FA in Settings → Security — scan the QR code with Google Authenticator or Authy and confirm with the 6-digit code.
  • Save your backup codes in at least two separate locations: a password manager and a physical printout.
  • TOTP codes refresh every 30 seconds — if a code is rejected, wait for the next one and check your phone's clock is set to automatic time.
  • Before switching phones, transfer your authenticator entry to the new device and confirm it works before deleting from the old one.
  • If locked out without a phone or backup codes, contact UniLink support for manual identity verification and recovery.

Ready to secure your UniLink account?

Enable two-factor authentication today. It takes three minutes and means your account is protected even if your password is ever compromised.

Get Started Free

Create Your Free Link-in-Bio Page

Join thousands of creators using UniLink. 40+ blocks, analytics, e-commerce, and AI tools — all free.

Get Started Free