Two-Part Authentication
Authenticator-app TOTP protects billing, project submissions, O Badge workflows, and future team controls.
Two-part authentication for OrganismHQ.
OrganismHQ protects sensitive founder workflows with authenticator-app verification, signed browser sessions, Stripe-hosted checkout, and clear crypto safety boundaries.
Account Shield
Turn on two-part authentication.
Protect billing, project submissions, O Badge work, and future team controls with a 6-digit authenticator code.
OffAuthenticator
LockedSession
Local DevCookie Trust
Two-Part Authentication
Use an authenticator app.
This uses TOTP codes from apps like 1Password, Google Authenticator, Microsoft Authenticator, or Authy. OrganismHQ never asks for seed phrases or private keys.
Checking security statusSigned HttpOnly Cookies
2FA enrollment and verified sessions are signed server-side and stored outside normal page JavaScript access.
No Seed Phrases
OrganismHQ never asks for seed phrases, private keys, exchange passwords, or unreleased contract secrets.
Stripe Payments
Card data stays with Stripe. OrganismHQ receives checkout status and entitlement metadata, not card numbers.
Security Headers
The app ships strict transport, frame, content type, permissions, referrer, and content-security-policy headers.
Public Data Boundary
Scans are designed for public token, wallet, liquidity, treasury, NFT, and contract addresses.
Trust Posture
Built for crypto operators who need proof, not promises.
The security layer is designed to support future account teams, admin roles, project ownership, and paid workflow authorization without weakening the existing public scanner.
01Authenticator code before sensitive session trust
02Server-signed cookies with expiration
03Rate limits on setup, verify, and disable attempts
04Public-data rules against private key collection