Security (2FA, Passkeys)
Enable two-factor authentication, passkeys, and strengthen your Syndic+ account security.
Why strengthen security?#
Your Syndic+ account contains personal information for all co-owners (name, email, contact, financial situation) and confidential syndicate documents. Bill 25 requires security measures appropriate to the sensitivity of the data.
Available authentication methods#
| Method | Security | Usability |
|---|---|---|
| Password alone | ⭐⭐ | ⭐⭐⭐⭐⭐ |
| Password + 2FA (TOTP) | ⭐⭐⭐⭐ | ⭐⭐⭐ |
| Password + 2FA (SMS) | ⭐⭐⭐ | ⭐⭐⭐⭐ |
| Magic link (email) | ⭐⭐⭐ | ⭐⭐⭐⭐⭐ |
| Passkey (biometric) | ⭐⭐⭐⭐⭐ | ⭐⭐⭐⭐⭐ |
Syndic+ strongly recommends passkeys for admins — maximum security and seamless experience (Touch ID, Windows Hello, USB key).
Enable 2FA#
Open settings
Settings → Security → Two-factor authentication.
Pick a method
- Authenticator app (Google Authenticator, 1Password, Authy, etc.) — recommended
- SMS — less secure but simpler for non-technical users
Scan the QR code
With your authenticator app, scan the QR code shown. A 6-digit code appears, refreshed every 30 seconds.
Confirm
Enter the current 6-digit code in Syndic+. Once validated, 2FA is active.
Save the recovery codes
10 single-use codes are generated. Store them somewhere safe (password manager, vault). They let you regain access if you lose your phone.
Enable a passkey#
Settings → Security → Passkeys
Click Add passkey.
Choose the type
- This device: Touch ID on Mac, Windows Hello on PC, PIN/biometric on phone
- Security key: YubiKey, Titan, etc.
- Another device: passkey from a phone (QR code)
Validate biometrically
The browser prompts for confirmation (fingerprint, face ID, PIN). The passkey is created and linked to your account.
Passkeys sync across your devices via iCloud Keychain (Apple), Google Password Manager (Android/Chrome), or Windows Hello. Sign in from any of your devices.
Third-party apps (Google, Microsoft)#
You can link your account to:
- Microsoft / Entra ID: click Connect Microsoft — secure OAuth 2.0
- Google: click Connect Google
These accounts can replace the password at sign-in if enabled.
Require 2FA for the whole syndicate#
Owners can require 2FA for all board members:
Settings → Syndicate → Bill 25 Compliance → Require 2FA for admins
Members without 2FA are prompted to enable it at their next sign-in.
Requiring 2FA is a best practice under Bill 25, particularly for syndicates of more than 20 units.
Active sessions#
Settings → Security → Sessions shows your active sessions:
- Device (browser, OS)
- IP (approximate, city-level)
- Last activity
Click End this session to sign out remotely from a compromised or forgotten device. Ending all other sessions is useful after a device theft.
Session settings#
- Session duration: 7 days default, configurable (1 to 30 days)
- Max simultaneous sessions: 3 default
- Re-auth for sensitive actions: toggleable (password change, account deletion, ownership transfer)
What to do if compromised#
- Change password immediately
- Revoke all sessions
- Regenerate 2FA recovery codes
- Revoke connected third-party apps (Microsoft, Google)
- Notify the syndicate's Privacy Officer for incident assessment (Bill 25)
- Review the audit log to identify actions taken by the attacker