Skip to content
Wicket

Sign in: magic link and MFA

Wicket has no passwords. You sign in with a one-time email code, and — where your organisation requires it — a second factor (TOTP).

Sign in with a magic code

  1. Go to app.wicket.sh and enter your email.
  2. Wicket emails you a 6-character code (letters and digits). Codes are valid for 10 minutes and single-use.
  3. Enter the code. You’re signed in — no password ever exists for your account.

Signing in from an invite link works the same way, with one extra rule: you must sign in with the exact email address that was invited.

Multi-factor authentication (TOTP)

When MFA is required for your account, signing in with the email code is not enough — you must also enter a time-based one-time password (TOTP) from an authenticator app.

Set up MFA

  1. Open MFA setup

    After your first sign-in with MFA required, Wicket routes you to the MFA setup screen automatically.

  2. Scan the QR code

    Use any TOTP authenticator (1Password, Google Authenticator, Authy, …) to scan the QR code.

  3. Confirm with a code

    Enter the 6-digit code your authenticator shows. This verifies the enrollment.

  4. Save your backup codes

    Wicket generates 10 single-use backup codes and shows them once. Store them in a password manager — each code can sign you in if you lose your authenticator device.

Sign in with MFA

After the email code, Wicket prompts for your authenticator’s 6-digit TOTP. Lost the device? Click Use a backup code and enter one of your saved codes instead.

Manage your dashboard sessions

Your account page lists active dashboard sessions. Sign out from the avatar menu, or use Sign out on any other active session you don’t recognise.