# Two-factor authentication (2FA)

#### 2FA (two-factor authentication) is a security method that requires two verification factors to confirm a user’s identity, making accounts much harder to compromise even if a password is stolen.

***

## General information

**Xopero ONE** supports two-factor authentication (2FA) based on an authenticator application. To use 2FA with your **Xopero ONE** account, you must first enable it in the **Xopero ONE Management Service** (**XMS**) admin panel and then complete the setup.

{% hint style="danger" %}
You can always enable or disable two-factor authentication for your own account. To manage 2FA settings for other users, you must have the **UserManagement** permission.
{% endhint %}

***

## Enabling 2FA in Xopero ONE

{% stepper %}
{% step %}
Click your profile icon in the top-right corner of your **XMS** panel and select **Account**.

<figure><img src="https://319733277-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0CBTl43C3OO6ySL1DJ6k%2Fuploads%2FAs0eez28YqjPTDyicHul%2Fimage.png?alt=media&#x26;token=110a8de3-f99e-4d01-857e-4c3e67eb7865" alt=""><figcaption><p><em>Account settings in XMS.</em></p></figcaption></figure>

{% endstep %}

{% step %}
Toggle **Two-factor authentication** button and click **Save** in the bottom-right.

<figure><img src="https://319733277-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0CBTl43C3OO6ySL1DJ6k%2Fuploads%2FS2e1jB8AFckgpRYCU0am%2Fimage.png?alt=media&#x26;token=1d90b1dd-0702-40a8-bcf9-69d102f1d7f2" alt=""><figcaption><p><em>2FA option turned on.</em></p></figcaption></figure>
{% endstep %}

{% step %}
You will see the change confirmation in the top-right corner of the screen. Once done, log out of your **XMS**, then log back in to trigger 2FA setup.
{% endstep %}
{% endstepper %}

***

## 2FA setup in Xopero ONE

{% hint style="danger" %}
After you enable 2FA in **XMS**, you will be prompted to complete the authenticator app setup during your next login. After the setup is complete, all subsequent logins will require successful two-factor verification.
{% endhint %}

{% stepper %}
{% step %}
Scan the QR code or copy the secret key to your authenticator app.

<figure><img src="https://319733277-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0CBTl43C3OO6ySL1DJ6k%2Fuploads%2FOMmC0PjOScYkBN8Ehbv8%2Fimage.png?alt=media&#x26;token=26ebb557-cb40-4b30-8fc7-ba0dbad846f2" alt="" width="473"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Enter the code from your authenticator app in the designated fields. Once done, click **Verify now** to finish the application setup.

<figure><img src="https://319733277-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0CBTl43C3OO6ySL1DJ6k%2Fuploads%2FaJfGO4Dt8iXauGCj1zez%2Fimage.png?alt=media&#x26;token=1f570c27-eecf-41ca-8025-e6163db7bc9d" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
If the verification is successful, you will see a confirmation message.

Below the message you will find your recovery codes — save them before you go to the management console app. If you fail o save the codes right away, you can generate them later in your **XMS** account settings.

<figure><img src="https://319733277-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0CBTl43C3OO6ySL1DJ6k%2Fuploads%2FfBgbHd1ZVIuY0JAjO5yM%2Fimage.png?alt=media&#x26;token=6d228d5a-e6f9-4b66-81c2-57c48b1021c7" alt="" width="521"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Your 2FA setup is now complete. Next time you login to your **XMS** panel, you will be prompted to verify yourself with 2FA.
{% endstep %}
{% endstepper %}

***

## Recovery codes

If you lose access to your authenticator app, you can log in to **Xopero ONE Management Service** using one of the recovery codes generated during 2FA setup.

{% hint style="danger" %}
**Each code is valid for a single login only** — once used, it expires.
{% endhint %}

Unused codes do not expire over time; they remain active until used or until new codes are generated, either manually or by re-registering the **2FA**.

If you have used several codes or suspect they have been compromised, you can generate a new set by going to ⚙️ **Settings** > **Accounts** > **Edit account** and clicking **Generate recovery codes** button.

<figure><img src="https://319733277-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0CBTl43C3OO6ySL1DJ6k%2Fuploads%2F4hPWgZM63VxxQs0zwssO%2FMulti-factor%20authentication%20-%20Generate%20new%20codes.png?alt=media&#x26;token=d6665c09-cd8a-4828-8a48-f53eabf6e8af" alt=""><figcaption></figcaption></figure>

***

## Reconfiguring the authenticator app

{% stepper %}
{% step %}
Log in to your account (use a recovery code if your authentication device is lost or otherwise unavailable).
{% endstep %}

{% step %}
Go to **⚙️ Settings** > **Accounts** > **Edit account**.
{% endstep %}

{% step %}
Toggle **Two-factor authentication** off to disable it and **save the change**. Then toggle it back on and **save the change again**.

<figure><img src="https://319733277-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F0CBTl43C3OO6ySL1DJ6k%2Fuploads%2Fm23swjDwX4BZcMXL72lG%2FMulti-factor%20authentication%20-%20Disable%202fa.png?alt=media&#x26;token=bfcaacaf-a2de-4b0b-8797-2e563660ba46" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Your 2FA configuration is now reset. During your next sign-in, you will be prompted to complete the authenticator app setup.
{% endstep %}
{% endstepper %}