Overview
Release 1.10.0 focuses on two things our customers asked for the most: stronger account security, and a smoother billing experience. Two-factor authentication, captcha protection on the public auth pages, helpful onboarding emails, an easier cancellation flow, and invoice payments — all in one release.
Two-Factor Authentication
Two-factor authentication (2FA) is the single biggest thing you can do to protect your VersionOps account. 1.10.0 adds TOTP-based 2FA with backup codes.
How it works
- Enroll from Settings → Security → Two-Factor Authentication.
- Scan the QR code with any authenticator app — Google Authenticator, 1Password, Authy, Bitwarden, and so on.
- After enrollment, sign-in asks for a 6-digit code in addition to your password.
- You receive 10 single-use backup codes — store them in a password manager so you can sign in if you lose your phone.
For organizations with admins
If you're running an organization, turn on Require MFA for admins under Settings → Security Policy. From the next sign-in onward, every admin user in your org is prompted to enroll before they can reach sensitive areas like billing, tokens, or server management.
Captcha on Register and Login
Public sign-up and sign-in pages are the most-targeted surface on any SaaS — bots try them constantly. We've added Cloudflare Turnstile to both pages.
Turnstile is invisible most of the time: real users sail through, bots get blocked. If a sign-in fails for any reason — wrong password, network error, anything — the captcha resets automatically so you never run into a "captcha already used" message on retry.
Onboarding and Reminder Emails
A few small things that make life easier for new accounts and trial users:
- Welcome email sequence — every new account, whether created with email/password or through an OAuth provider, now receives a short series of emails covering the basics: registering your first server, scanning dependencies, and setting up notifications.
- Trial reminders — accounts on a trial plan get a friendly reminder three days before the trial expires, and a final one one day before, with a direct upgrade link.
If the trial is upgraded to paid, the reminders quietly stop on their own.
Account Cancellation by Secure Link
We've made it easier to cancel an account when you can't get in. If you've lost access to the email used at sign-up — for example, you've left a company — you can now request a secure cancellation link. Clicking the link verifies the recipient and lets you cancel and delete the entire account in one step, without needing to log in.
When you do delete the account, all of your data goes with it: organization, members, hosts, dependencies, scans, audit logs, invoices, billing — fully removed, with no leftovers.
Invoice Payments
You can now receive and pay invoices directly:
- Issued invoices arrive by email with a PDF attachment ready to forward to accounting.
- The same PDF is available for download from the dashboard at any time.
- If an invoice goes past due, you'll get a multi-step, gradually escalating reminder — not the single noisy email of old, and every reminder is automatically cancelled the moment you pay.
Quality of Life
- The captcha widget no longer gets stuck after a failed login attempt — it resets cleanly every time.
- Invoice modals are cleaner: the org dropdown is properly wired, buttons are styled, and long line items wrap.
What's Next
We're working on:
- Hardware key support (WebAuthn / FIDO2) as a second factor alongside TOTP.
- SSO via SAML for enterprise customers.
- Step-up auth that re-verifies you with MFA before destructive actions like deleting a server or rotating a token.