Two-factor authentication (2FA) adds a second step to signing in: as well as your password, you'll be asked for a 6-digit code from an authenticator app on your phone. If someone steals your password, they still can't get in without that code.
Setting it up
Open My account.
Find the "Two-factor authentication" section and click "Enable 2FA".
Scan the QR code with an authenticator app:
Enter the 6-digit code your app shows to confirm. 2FA is now active.
Recommended authenticator apps
1Password — integrates with the password manager.
Google Authenticator — free, simple.
Microsoft Authenticator — useful if you already use Microsoft 365.
Authy — supports multi-device backup.
Recovery codes
When you enable 2FA, Carerealm shows you ten one-time recovery codes. Each works exactly once if you lose access to your authenticator app.
Heads up — Save the recovery codes the moment they're shown. Put them in your password manager, or print them and store them somewhere safe. You won't see them again.
If you lose your phone or your codes
If you can't reach your authenticator AND you don't have a recovery code, ask a realm admin to disable 2FA on your account from Admin → Account directory. You can then set it up again with a fresh device.
Note — If you sign in with Google, Microsoft or Apple SSO, you don't need a separate Carerealm 2FA — your identity provider's own MFA already protects your sign-in.