How MFA Works In Rewind, And How To Upgrade Your Protection

Published: May 19, 2026

MFA is now mandatory for all Rewind accounts. The good news: for most users, there’s nothing to set up. We’ve made the baseline automatic so you’re protected from day one, with a clear path to stronger options if you want them.

Here’s how it all works.

Your default: email verification (already active)

When you log into Rewind, we’ll send a verification code to your registered email address. Enter the code, and you’re in. No configuration required; this is active for every account automatically.

This is your baseline MFA. It’s simple, it works, and it means every Rewind account is protected even before anyone touches a settings page.

Want stronger protection? Upgrade to an authenticator app

Email codes are convenient, but a TOTP authenticator app is more phishing-resistant and doesn’t depend on your email being accessible. It’s the right move for most teams, and especially for anyone with admin access.

Supported apps include Google Authenticator, Authy, 1Password, Microsoft Authenticator, and any other TOTP-compatible app.

Here’s how to set it up:

  1. Log into your Rewind account.
  2. Click your profile icon and go to Settings, then select Security from the left-hand menu.
  3. Under the MFA card, select Set Up. You’ll be asked to enter your Rewind account password to confirm.
  4. Open your authenticator app and scan the QR code shown in Rewind. The app will generate a six-digit one-time code, refreshed every 30 seconds.
  5. Enter the code from your app to verify the connection. Done, your account is now using TOTP-based MFA.

From this point forward, each login will prompt you for a code from your authenticator app instead of email.

Maximum protection: hardware security keys

For the strongest available protection, Rewind supports FIDO2/WebAuthn hardware security keys, which are physical devices like YubiKey that plug into USB or tap via NFC. These are immune to phishing by design and are what Google uses internally for its own employees.

To add a security key, go to Settings → Security and follow the prompts under the Security Key section. You’ll need the physical key present to complete setup.

We recommend hardware keys for admins, security-conscious teams, and anyone managing high-value accounts across multiple integrations.

Switching or updating your MFA method

You can change your MFA method at any time through Settings → Security. To switch from email to an authenticator app, or from an app to a hardware key, follow the setup steps for your new method. You’ll be asked to confirm with your current password.

Note: because MFA is mandatory for all Rewind accounts, it cannot be fully disabled. If you’re having trouble accessing your account, contact support for account recovery options.

A quick summary

| Method | Setup required | Phishing resistance | Best for |
| --- | --- | --- | --- |
| Email code | None — active by default | Moderate | All users |
| Authenticator app (TOTP) | ~2 minutes | High | Most teams |
| Hardware security key | ~5 minutes | Highest | Admins, enterprise |

Every Rewind account is already protected. If you want to go further, the full MFA setup guide in our Help Center covers each option in detail.

This article originally appeared on Rewind and is available here for further discovery.
