# Two-factor authentication (2FA)

### About two-factor authentication <a href="#title-h1" id="title-h1"></a>

Two-factor authentication (2FA) adds an extra layer of security when signing in to Avion. When you enable 2FA, you must sign in with your email and password and provide another form of authentication that only you know or have access to.

Using 2FA ensures that even if a password is compromised, access to Avion won’t be granted unless the person signing in is verified from their device. We **strongly** urge you to enable 2FA for the safety of your account, not only on Avion, but on other websites and apps that support 2FA.

**Note:** Two-factor authentication is not used for sign-in requests when SSO is enabled in your Avion organization.

{% hint style="info" %}
If your company uses an identity provider, you should consider upgrading and configuring [Single Sign-On](https://help.avion.io/docs/security/single-sign-on) instead.
{% endhint %}

### Configuring two-factor authentication

You can configure two-factor authentication using a time-based one-time password (TOTP) application on your mobile or desktop device. Many TOTP apps support the secure backup of your authentication codes in the cloud and can be restored if you lose access to your device.

#### To configure 2FA:

1. Head to your Account settings
2. In the "Two-factor authentication" section, click **Enable**
3. Confirm your password
4. On the QR code step, do one of the following:
   * Scan the QR code with your mobile TOTP app. After scanning, the app will display a six-digit code
   * If you can't scan the QR code, click **secret key** to copy the code for manual setup in your TOTP app instead
5. Confirm your six-digit code to finish setup

### Recovery codes

Recovery codes are the only way to access your account should you lose your phone or delete your authenticator app. Please note that each code may only be used once. Your recovery codes are provided at the time that you set up 2FA, but you can always find them again in your Account settings.

{% hint style="danger" %}
**Don't forget to save a copy of your recovery codes separately for safekeeping.** Our support team will not be able to restore access to your account.
{% endhint %}

### Multiple devices

To configure authentication via TOTP on multiple devices, scan the QR code with each device at the same time during setup, or save the "setup key", which is the TOTP secret. If 2FA is already enabled and you want to add another device, you must re-configure your TOTP app from your security settings.
