Release note · v3.6
Shipped · FEB 5
Two-factor authentication now supports authenticator apps (TOTP) in addition to SMS. Admins can require 2FA for all users in the Security settings. SMS 2FA remains available but authenticator apps are now the recommended method.
Signed · RevCore Pro engineering
Back to ledgerFiled under Security · Auth · Release February 2026
01/Why we shipped it
SMS 2FA is fine, but it isn’t great — SIM-swap attacks against contractor accounts have become common enough that we’d been recommending TOTP off-band for the last six months. This release moves TOTP into the native settings UI: scan the QR code with Google Authenticator, 1Password, Authy, or any other RFC 6238 compatible app, and you’re done.
Admins on the Security settings page now see a "Require 2FA for all users" toggle. Flipping it gives existing users a 7-day grace window to enroll, after which non-enrolled accounts are locked out of new sessions until they enroll. SMS-only accounts continue to work but are flagged with a yellow chip in the user table so admins can nudge upgrades.
02/What changed
03/Browse the ledger
Looking for something specific?
See full release ledgerReady when you are
Start the fourteen-day trial with every feature unlocked. No credit card required. Point your team at one system before the busy season hits.
14-day free trial · No credit card · Cancel anytime
Also ask about RevCore on
