# Two factor authentication

Two-factor authentication

*Two-factor authentication (2FA)* is a way to improve security, and prevent unauthorized persons from accessing your Trust account.

Practically, 2FA means storing a secret inside an *authenticator*, usually on a mobile phone, and exchanging a code from the authenticator when trying to log in.

This means an unauthorized user would need to guess the account password *and* have access to the authenticator, which is a more difficult proposition.

### Requirements

Phone-based authenticators are the easiest and most commonly used. Examples include:

* [Authy](https://authy.com/)
* [FreeOTP](https://freeotp.github.io/)
* [Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en)
* [LastPass Authenticator](https://lastpass.com/auth/)
* [Microsoft Authenticator](https://www.microsoft.com/en-gb/account/authenticator?cmp=h66ftb_42hbak)

Password managers are another option. Common examples include:

* [1Password](https://support.1password.com/one-time-passwords/)
* [Bitwarden](https://bitwarden.com/help/article/authenticator-keys/),

Note: The remainder of this document uses Google Authenticator as an example, as it is one of the most commonly used. This is **not** an endorsement of the product.

### Two-factor authentication setup

<figure><img src="/files/Vbf5AL2qyHMnOGk99D3X" alt=""><figcaption></figcaption></figure>

This generates a Security Control pop-up window that requires password confirmation to continue. Enter the appropriate password, then click Confirm Password. Next, a Two-Factor Authentication Activation pop-up window appears, with a QR code.

Using the desired authenticator application, scan the QR code when prompted.

{% hint style="info" %}
If scanning the screen is not possible (e.g. the setup is being completed on the *same* device as the authenticator application), click on the provided *Cannot scan it?* link, or copy the secret to manually set up the authenticator.
{% endhint %}

Afterwards, the authenticator should display a *verification code*.

Enter the code into the Verification Code field, then click Activate.

### Logging in

To confirm 2FA setup is complete, log out of the Trust Console.

On the login page, input the email and password, then click Log in. On the Two-factor Authentication page, input the code provided by the chosen authenticator in the Authentication Code field, then click Log in.<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.open-bank.org/activate-open-bankid/my-account/account-security-settings/two-factor-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.