# Two-factor authentication

Two-factor authentication (2FA) adds a time-based code to your login. You’ll need an authenticator app in addition to your password.

{% hint style="success" %}
Available on **Plus**, **Pro**, and **Enterprise** plans.
{% endhint %}

#### How 2FA works

After you enter your email and password, Screendesk asks for a 6-digit code. The code comes from a TOTP authenticator app (Google Authenticator, Authy, 1Password, etc).

During setup you also get **16 one-time recovery codes**. Use them if you lose access to your authenticator app.

#### Enable 2FA

2FA is enabled per user. Admins can’t enforce it workspace-wide.

<figure><img src="https://3820804400-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FfW6XSzJSKsNyZnOkSJPt%2Fuploads%2FGWjWphv4lz0eOxe3FhoW%2FCleanShot%202026-02-05%20at%2021.21.04%402x.png?alt=media&#x26;token=1f238f50-b745-49df-9442-c82cd011d9f8" alt=""><figcaption></figcaption></figure>

{% stepper %}
{% step %}

#### Open your Security settings

Go to **Personal settings → Security**.
{% endstep %}

{% step %}

#### Save your recovery codes

You’ll see 16 recovery codes. Download, print, or copy them and store them somewhere safe. Each code can only be used once.

{% hint style="warning" %}
Treat recovery codes like a password. If you lose both your authenticator device and recovery codes, you can get locked out.
{% endhint %}
{% endstep %}

{% step %}

#### Scan the QR code

Open your authenticator app and scan the QR code. The app will start generating codes for Screendesk.
{% endstep %}

{% step %}

#### Verify

Enter the 6-digit code from your authenticator app. Click **Continue** to activate 2FA.
{% endstep %}
{% endstepper %}

#### Log in with 2FA

1. Enter your email and password as usual.
2. Enter the 6-digit code from your authenticator app.
3. If you can’t access the app, use a recovery code.

#### Disabling 2FA

Go to **Personal settings → Security** and disable 2FA. This clears your secret key and invalidates any unused recovery codes.

#### FAQ

<details>

<summary>Which authenticator apps are supported?</summary>

Any TOTP-compatible authenticator app works. Examples include Authy, Google Authenticator, Microsoft Authenticator, and 1Password.

</details>

<details>

<summary>What happens if I lose my authenticator device?</summary>

Use a recovery code to log in. Then disable and re-enable 2FA to register a new device.

</details>

<details>

<summary>Can an admin force all users to enable 2FA?</summary>

Not currently. Each user enables 2FA for their own account.

</details>

<details>

<summary>What happens if I downgrade to the Free plan?</summary>

If 2FA is already enabled, it stays enabled. You can’t set up 2FA from scratch on the Free plan.

</details>