Skip to main content
Alfred Scholar
AI Chat Citations Manuscripts Literature Review Plagiarism Check Collaboration
vs Zotero vs Mendeley vs Elicit vs Consensus
Docs
Log in Get Started

Security

Protecting your research data is critical. Alfred Scholar provides multiple layers of account security including two-factor authentication and passwordless passkey login.

Two-factor authentication (2FA)

Two-factor authentication adds an extra layer of security to your account. Even if someone learns your password, they cannot sign in without the second factor from your authenticator app.

Setting up 2FA

  1. Go to Settings > Two-Factor Authentication.
  2. Click Enable Two-Factor Authentication.
  3. A QR code appears on screen.
  4. Open your authenticator app (Google Authenticator, Authy, 1Password, or any TOTP-compatible app).
  5. Scan the QR code with your authenticator app. If you cannot scan the QR code, click to reveal the setup key and enter it manually into your app.
  6. Enter the 6-digit verification code from your app to confirm setup.
  7. 2FA is now active.

Recovery codes

After enabling 2FA, you receive a set of recovery codes. These are one-time-use backup codes that let you sign in if you lose access to your authenticator app.

Critical: Save your recovery codes in a secure location (password manager, printed copy in a safe place). If you lose both your authenticator device and your recovery codes, you will be locked out of your account.

You can regenerate your recovery codes at any time from the Two-Factor Authentication settings page. Regenerating codes invalidates all previous codes.

Signing in with 2FA

After 2FA is enabled, the sign-in flow changes:

  1. Enter your email and password as usual.
  2. You are prompted for a verification code.
  3. Open your authenticator app and enter the current 6-digit code.
  4. If you do not have your authenticator device, click Use a recovery code and enter one of your saved recovery codes.

Disabling 2FA

  1. Go to Settings > Two-Factor Authentication.
  2. Click Disable Two-Factor Authentication.

Tip: We strongly recommend keeping 2FA enabled to protect your research data.

Passkeys

Passkeys are a modern, passwordless way to sign in. They use your device's built-in authentication (Face ID, Touch ID, Windows Hello, or a hardware security key) to verify your identity.

Why use passkeys?

  • More secure - Passkeys are resistant to phishing, password leaks, and brute-force attacks.
  • Faster - Sign in with a fingerprint or face scan instead of typing a password.
  • No passwords to remember - Your device handles authentication automatically.

Setting up a passkey

  1. Go to Settings > Passkeys.
  2. Click Register New Passkey.
  3. Your browser prompts you to create a passkey using your device's authenticator (fingerprint reader, face recognition, or security key).
  4. Complete the authentication prompt.
  5. Give your passkey a name (for example, "MacBook Pro Touch ID" or "iPhone Face ID").
  6. The passkey is saved and ready to use.

You can register multiple passkeys for different devices.

Note: Passkeys require a browser that supports WebAuthn. If your browser does not support passkeys, a notice will be displayed.

Signing in with a passkey

  1. On the login page, click the Sign in with Passkey button.
  2. Your browser prompts you to authenticate with your device (fingerprint, face, or security key).
  3. You are signed in immediately - no password needed.

Managing passkeys

View and manage your registered passkeys:

  1. Go to Settings > Passkeys.
  2. You see a list of all registered passkeys with their names and creation dates.
  3. Delete - Click the delete button to remove a passkey you no longer use.

Note: Deleting a passkey only removes it from Alfred Scholar. The credential on your device is not affected.

Password confirmation

For sensitive actions (like changing your password, disabling 2FA, or deleting your account), Alfred Scholar may ask you to confirm your password first. This is an additional security check to prevent unauthorized changes.

Best practices

  • Enable 2FA - This is the single most effective step to protect your account.
  • Register passkeys on multiple devices - If you lose one device, you can still sign in with another.
  • Save recovery codes offline - Store them in a password manager or print them. Do not store them in an unencrypted file on your computer.
  • Use a strong, unique password - Even with 2FA and passkeys, a strong password is important as a fallback.
  • Review your passkeys periodically - Remove passkeys for devices you no longer use.

Next steps