Two-factor authentication increase your account security by adding an additional layer of verification when you log in. Each time you log in, you will not only be asked to provide your login and password, but also an additional authentication token which changes periodically and is generated typically on your mobile device (phone or tablet). This means that even when someone knows your username and password, they still won’t be able to log in unless they have access to your mobile device.

We strongly recommend you to use two-factor authentication for the safety of your account.

You can activate two-factor authentication by going to “Administration => Personal => Security”. There you will find a link to activate it. When you set this up, make sure to backup your recovery codes (ideally in your encrypted password manager) in case you lose your mobile device or if you cannot access it anymore.

A user with super user access can force every user to have two-factor authentication enabled. In this case, you might be forced to set up two-factor authentication and you won’t be able to disable it anymore.

Please note that when you issue an API request, or authenticate using your authentication token (for example when you export widgets), the two-factor authentication code is not being verified.

Previous FAQ: How do I troubleshoot login failures?