# Two factor authentication

Two-factor authentication

*Two-factor authentication (2FA)* is a way to improve security, and prevent unauthorized persons from accessing your Trust account.

Practically, 2FA means storing a secret inside an *authenticator*, usually on a mobile phone, and exchanging a code from the authenticator when trying to log in.

This means an unauthorized user would need to guess the account password *and* have access to the authenticator, which is a more difficult proposition.

### Requirements

Phone-based authenticators are the easiest and most commonly used. Examples include:

* [Authy](https://authy.com/)
* [FreeOTP](https://freeotp.github.io/)
* [Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en)
* [LastPass Authenticator](https://lastpass.com/auth/)
* [Microsoft Authenticator](https://www.microsoft.com/en-gb/account/authenticator?cmp=h66ftb_42hbak)

Password managers are another option. Common examples include:

* [1Password](https://support.1password.com/one-time-passwords/)
* [Bitwarden](https://bitwarden.com/help/article/authenticator-keys/),

Note: The remainder of this document uses Google Authenticator as an example, as it is one of the most commonly used. This is **not** an endorsement of the product.

### Two-factor authentication setup

<figure><img src="https://3628234656-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FJW8Y5NFutZER2tgbakAF%2Fuploads%2FNKcvpHurVNX8yWd3RjZY%2F2fasetup.jpg?alt=media&#x26;token=bb876a7e-e27f-4b65-99d0-a9dc628dcf96" alt=""><figcaption></figcaption></figure>

This generates a Security Control pop-up window that requires password confirmation to continue. Enter the appropriate password, then click Confirm Password. Next, a Two-Factor Authentication Activation pop-up window appears, with a QR code.

Using the desired authenticator application, scan the QR code when prompted.

{% hint style="info" %}
If scanning the screen is not possible (e.g. the setup is being completed on the *same* device as the authenticator application), click on the provided *Cannot scan it?* link, or copy the secret to manually set up the authenticator.
{% endhint %}

Afterwards, the authenticator should display a *verification code*.

Enter the code into the Verification Code field, then click Activate.

### Logging in

To confirm 2FA setup is complete, log out of the Trust Console.

On the login page, input the email and password, then click Log in. On the Two-factor Authentication page, input the code provided by the chosen authenticator in the Authentication Code field, then click Log in.<br>