# Setting up 2FA/MFA

Go to *My Profile* and click *Edit*:

<figure><img src="https://content.gitbook.com/content/qPYuWxfmxFk6sz1LLLwd/blobs/S5qM5TvsCpdYQxFGlZtk/up-edit.png" alt=""><figcaption></figcaption></figure>

Then scroll down to the section *Two-factor methods* and choose which one you want to activate.

{% hint style="info" %}
Whichever method you choose to configure next, be prepared to back up your **Recovery backup codes**, as they are generated during the initial (first) setup.
{% endhint %}

### One time password

This method is based on time-based codes (TOTP), generated by an app.

Before you start configuring this method, you need to choose an app for generating your TOTP codes. The most popular are:

* [Google Authenticator for Android/iPhone/iPad](https://support.google.com/accounts/answer/1066447)
* [Bitwarden](https://bitwarden.com/help/authenticator-keys/) - a password manager that can store/generate a secure password for your Defguard login and can also set up TOTP

In this example, we will set up using Google Authenticator.

Click on the *gear* icon for *One time password* and click ***Enable***:

<figure><img src="https://content.gitbook.com/content/qPYuWxfmxFk6sz1LLLwd/blobs/9Vg9EPao1Ys6SY76B80e/otp1.png" alt=""><figcaption></figcaption></figure>

A setup screen with a QR code will appear:

<figure><img src="https://content.gitbook.com/content/qPYuWxfmxFk6sz1LLLwd/blobs/Px5AcauZd6dCEdO95K3j/otp2.png" alt=""><figcaption></figcaption></figure>

Now open the *Authenticator* mobile app, click ***Add a code -> Scan a QR code***, **and scan the QR code with the app**.

After that, a new screen will appear in the *Authenticator* app, which will generate codes for Defguard:

<figure><img src="https://content.gitbook.com/content/qPYuWxfmxFk6sz1LLLwd/blobs/aXJIOiTZg88KHhNXNFr2/authenticator.png" alt="" width="188"><figcaption></figcaption></figure>

**Enter the code you see in the mobile app** to confirm that the process has been completed correctly (Defguard will now validate the code).

After the code has been validated, either:

* you are all set, the method is enabled, and you will be logged out to log in again using MFA
* or you [will need to create a backup of your recovery codes](#backing-up-recovery-codes) - and after that you will be logged out as well.

### Backing up recovery codes

If you are configuring 2FA/MFA for the first time with any selected method, at the end of the process you will be asked to create a backup of your recovery codes:

<figure><img src="https://content.gitbook.com/content/qPYuWxfmxFk6sz1LLLwd/blobs/6tSZJeAMZgBuTwlugRB1/recovery.png" alt=""><figcaption></figcaption></figure>

{% hint style="danger" %}
Please back up those codes in a safe place. If you are unable to log in with your 2FA method (e.g. you lost your phone or YubiKey hardware key), the only way to log in will be to use one of the **recovery codes.**
{% endhint %}
