QUICK ANSWER
Two-factor authentication adds a one-time code to your login. Open Profile, then Security, then Two-factor authentication. Scan the QR code with Google Authenticator or Authy, enter the 6-digit code to confirm, and save your recovery codes somewhere safe.
Why this matters
A password alone can be phished, leaked, or guessed. 2FA means an attacker also needs your phone to log in, which makes account takeover dramatically harder. We recommend it for all clients.
Steps
1. Install Google Authenticator (free, iOS and Android) or Authy on your phone. Both work with nomo.
2. Log in to nomo on web or app.
3. Open Profile and go to Security, then Two-factor authentication.
4. Click Enable. A QR code appears.
5. In your authenticator app, tap + or Add account and scan the QR code.
6. Enter the 6-digit code your authenticator app shows. This confirms the setup.
7. Save the recovery codes shown on screen. Store them in a password manager or somewhere offline. Without them, losing your phone means losing access.
Important notes
SMS-based 2FA is less secure than an authenticator app, because phone numbers can be hijacked. Use an authenticator app where possible.
Each new device you log in from will trigger an email confirmation in addition to 2FA.
If you lose access to both your authenticator and your recovery codes, recovering your account requires identity verification and may take several business days.
Troubleshooting
The 6-digit code keeps being rejected.
Authenticator codes are time-based. If your phone clock is off by more than a minute, codes fail. In Google Authenticator: Settings → Time correction for codes → Sync now.
I lost my phone.
Use one of your recovery codes to log in, then disable and re-enable 2FA on a new device. If you don't have your recovery codes, contact support to start the recovery process.