Two-Factor Authentication
Add a second factor with TOTP and backup codes.
Two-factor authentication (2FA) adds a one-time code from your phone — or a backup code — on top of your password. We strongly recommend enabling it. Your workspace admin can also require it for everyone.
Enabling 2FA
From Profile settings → Two-factor:
- Click Enable two-factor authentication.
- Scan the QR code with an authenticator app — Google Authenticator, Authy, 1Password, Microsoft Authenticator, or any other TOTP-compatible app. If you can't scan the code, copy the manual setup key shown below it.
- Enter the 6-digit code your app generates to verify the setup.
- Save your backup codes. You'll get 10–12 single-use codes — store them in a password manager or print them somewhere safe. Each code works exactly once.
Once 2FA is enabled, you'll be asked for a code every time you sign in.
Using a backup code
If you lose your phone or your authenticator app stops working, sign in with a backup code on the same screen where you'd normally enter the TOTP code. Each backup code is single-use; cross it off once spent.
When you run low on backup codes, regenerate them from the Two-factor tab. New codes invalidate the old ones.
Disabling 2FA
If 2FA isn't required by your workspace, you can disable it from the same tab. You'll be asked to confirm with your current 2FA code.
If 2FA is required, the disable button is grayed out with the note Required by your workspace administrator. Ask your admin if you need an exception.
Lost both your phone and your backup codes?
Contact your workspace admin. They can reset 2FA on your account after verifying your identity through your organization's normal process.
See also
- Workspace → Authentication — for the admin side of 2FA enforcement.
- Signing In — what the login flow looks like with 2FA on.