This update was less about new features and more about trust — making sure the accounts that exist are real, giving real users a way to protect them, and giving them tools to manage their own data. We also shipped a chunk of engagement work to keep early trial users coming back.

Email verification on signup

We noticed a couple of obviously-fake accounts in the trial cohort. So credentials signup now flows through a real verification step.

Optional TOTP 2FA

Users can now enable two-factor authentication from the Account page. The flow:

Click Enable 2FA — server generates a base32 secret + 8 backup codes
Scan the QR code with any TOTP app (Google Authenticator, Authy, 1Password, Bitwarden, etc.)
Save the backup codes (shown once)
Enter the current 6-digit code to confirm — only then does totp_enabled flip on

After that, every credentials login requires a 6-digit code (or one of the backup codes) after the password check. Backup codes are bcrypt-hashed and consumed on use.

We picked otpauth over otplib as the TOTP library — single file, zero dependencies, bundles cleanly with Next.js without the build-time named-export drama. If you're following along at home, this is the kind of thing that costs you 30 minutes of "why won't this compile on Vercel" before you swap and move on.

If a user loses both their authenticator and their backup codes, the only path is an admin-side reset. That's a deliberate choice — an email-based 2FA bypass would defeat the point.

Self-service account controls

The Account page now has Delete Account:

This is partly GDPR hygiene, partly just respecting the user's right to leave. If suspend is enough, they shouldn't have to email support to disappear.

Achievements

There's now an /achievements page styled as a hexagonal grid (Product Hunt vibes) with 10 badges across bronze/silver/gold tiers:

First Signal — first save
Curator / Power User — 5 / 10 saves
Problem Solver — first AI solution
Builder — first MVP brief
Architect — first implementation plan
Pipeline Pro — Solution + MVP + Plan all generated for the same opportunity (the gold one)
On a Roll / Gone Streaking — 2- and 5-day streaks
Exporter — first markdown download

A small sidebar widget on the dashboard shows your badge count and links to the full grid.

Weekly user summary

Trial users now get a Monday-morning "here's what you missed" email — top 3 opportunities from the last 7 days, a count of new opportunities added, and a personalized line about how many things they saved or solutions they generated. Runs via a Vercel cron job at 08:00 UTC Mondays.

Housekeeping

A few small things that don't deserve sections of their own:

Social proof on dashboard cards: opportunities now show "X others saved this" when the count is > 0
Blog list dedupes by title, so duplicate AI-generated posts only show once
Welcome banner on first dashboard load for trial users (a 3-step guide most signups need)
Pipeline progress bar on Favorites — visual Saved → Solution → MVP → Plan chain so users see what's next

What's next

If you've been kicking the tires on Niche Sonar — try enabling 2FA, peek at the achievements page, and let us know what you'd like to see next. Reply to any of our emails; they all land in a real inbox.