# Two-factor authentication

> Add a second layer of security to your Go Autonomous account using an authenticator app.

Two-factor authentication (2FA) protects your Go Autonomous account by requiring a 6-digit code from an authenticator app in addition to your password each time you sign in.

When your organisation enables 2FA, every user is prompted to set up an authenticator app the next time they sign in. After enrollment, you'll be asked for a code from your app on every subsequent sign-in.

<Note>
  Two-factor authentication only applies to users who sign in with email and password. If your organisation signs in through SSO, sign-in security is handled by your identity provider.
</Note>

## What you need

* An authenticator app installed on your phone or computer. Any TOTP-compatible app works, including:
  * Google Authenticator
  * Microsoft Authenticator
  * 1Password
  * Authy
* A safe place to store your recovery codes (e.g. a password manager).

## Set up two-factor authentication

The first time you sign in after your organisation enables 2FA, you'll be taken through a three-step enrollment flow. You cannot use Go Autonomous until enrollment is complete.

<Steps>
  <Step title="Scan the QR code">
    Open your authenticator app and scan the QR code shown on screen. If you can't scan the code, copy the **authenticator key** displayed below the QR code and paste it into your app manually.

    Click **Continue** once your authenticator app shows a 6-digit code for Go Autonomous.
  </Step>

  <Step title="Verify the code">
    Enter the current 6-digit code from your authenticator app and click **Verify**. This proves that your app is set up correctly.

    If the code is rejected, double-check that you scanned the right QR code and that your device's clock is accurate — TOTP codes are time-based and will fail if your phone is more than a minute or two out of sync.
  </Step>

  <Step title="Save your recovery codes">
    Go Autonomous generates a set of one-time **recovery codes**. Save them somewhere safe — a password manager is ideal. You'll need a recovery code if you ever lose access to your authenticator app.

    Tick **I have saved these recovery codes in a safe place**, then click **Continue** to finish enrollment and enter the platform.
  </Step>
</Steps>

<Warning>
  Recovery codes are only shown once. If you lose them and lose access to your authenticator app, an administrator will need to reset your 2FA.
</Warning>
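
The clock-sync caveat in the **Verify the code** step, as an added example that is not Go Autonomous's own code: a minimal RFC 6238 verifier showing why a code is rejected when the device and the server land in different time steps, and how a tolerance window absorbs small drift. The 30-second step, HMAC-SHA-1, the ±1-step window and the secret (the published RFC 6238 test key) are assumptions, not values confirmed by this page.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (assumed; the RFC 6238 default)
DIGITS = 6   # matches the 6-digit codes described above

# Published RFC 6238 test key ("12345678901234567890"), base32-encoded.
# Sample value only; a real authenticator key is random and per-user.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the code an authenticator app shows at unix_time."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", unix_time // STEP)   # time step number
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, code: str, server_time: int, window: int = 1) -> bool:
    """Accept a code from the server's current step or `window` steps either side."""
    if len(code) != DIGITS or not code.isascii() or not code.isdigit():
        return False
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, server_time + drift * STEP)
        if hmac.compare_digest(expected, code):      # constant-time compare
            return True
    return False


if __name__ == "__main__":
    device_time = 1111111109   # device clock, last second of one step
    server_time = 1111111111   # server clock, two seconds later, next step
    code = totp(RFC_TEST_SECRET, device_time)
    print("code on device:", code)
    print("strict match:  ", verify(RFC_TEST_SECRET, code, server_time, window=0))
    print("±1 step window:", verify(RFC_TEST_SECRET, code, server_time, window=1))
```

A wider window tolerates more drift but also lengthens the time a captured code stays valid, which is why servers keep it small and a clock that is minutes off fails.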

## Sign in with two-factor authentication

Once you're enrolled, every sign-in includes one extra step:

1. Enter your email and password as usual.
2. On the **Two-factor authentication** screen, enter the 6-digit code from your authenticator app.
3. Click **Continue**.

If you don't have access to your authenticator app, enter one of your **recovery codes** in the same field instead. Each recovery code can only be used once.

## When 2FA applies

| Sign-in method       | 2FA required?                          |
| -------------------- | -------------------------------------- |
| Email and password   | Yes, once your organisation enables it |
| Single sign-on (SSO) | No — handled by your identity provider |
| API keys             | No                                     |

## Lost your authenticator app

If you've lost access to your authenticator app:

1. Try a **recovery code** at the two-factor sign-in step. Each code works once.
2. If you have no recovery codes left, contact an administrator at your organisation. They can reset your 2FA enrollment, after which you'll be prompted to set up a new authenticator on your next sign-in.
