Two-factor authentication

Protect member health data and staff logins with 2FA.

header-x
Two-factor authentication

Gym accounts hold health metrics, check-in histories and payment details that members trust you to protect. Xircuit's two-factor authentication adds a second layer of security so a stolen password alone can never unlock a member or staff account.

Request a demo

One extra step that keeps your accounts safe.

  • Member health metrics stay protected even if a password is compromised.
  • Staff logins — including admin access — can be secured with mandatory 2FA.
  • Members enrol in under two minutes from the app — no IT help required.

Xircuit's two-factor authentication uses time-based one-time passwords (TOTP) from any authenticator app — Google Authenticator, Microsoft Authenticator or Authy. Every account stays protected against credential-stuffing attacks even if a password is ever compromised.

TOTP authenticator support

Works with Google Authenticator, Microsoft Authenticator, Authy and any standard TOTP app — no proprietary hardware required.

Credential-stuffing protection

Even if a password is exposed in a third-party breach, 2FA blocks unauthorised access to Xircuit accounts.

Self-service enrolment

Users set up 2FA from their own profile page in under two minutes — no admin intervention required.

Admin enforcement option

Org admins can require 2FA for all staff logins, ensuring consistent security across the whole team.

No SMS dependency

TOTP codes are generated locally on the user's device — no SIM-swap risk and no reliance on phone signal.

Two-factor authentication

Fitness organisations that enforce 2FA for staff and admin accounts typically eliminate credential-based account takeovers entirely — and often find that members adopt the feature voluntarily once they see how simple the setup process is.

Frequently Asked Questions

Which authenticator apps does Xircuit support?

Xircuit supports any standard TOTP authenticator app, including Google Authenticator, Microsoft Authenticator and Authy. You scan a QR code once during set-up and the app generates codes automatically.

Can I require 2FA for all staff and admin logins?

Yes. Org admins can enforce 2FA for all staff roles from the organisation security settings. Users without 2FA set up will be prompted to enrol before accessing their account.

What happens if a user loses access to their authenticator app?

Users receive recovery codes when they set up 2FA. An org admin can also disable 2FA for a specific account via the admin panel so the user can re-enrol.

Related features

Ready to see Xircuit in action?

Request a demo Get the app