# Setting up 2FA/MFA

Go to *My Profile* and click *Edit:*

<figure><img src="https://3466771104-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fe86iamwJVSYnIRsyVEAV%2Fuploads%2Fgit-blob-5d8a7e36f208937d721733112826434f69af611f%2Fup-edit.png?alt=media" alt=""><figcaption></figcaption></figure>

Then scroll down to the section *Two-factor methods* and choose which one you want to activate.

{% hint style="info" %}
Whatever the method you will choose to configure next, please be prepared to do backup of your **Recovery backup codes** - as those are generated during the initial/first setup.
{% endhint %}

### One time password

This method is based on time-based codes (TOTP), generated by an app.

Before you start to configure this step, you need to choose an app for generating your TOTP codes. Most popular are:

* [Google Authenticator for Android/iPhone/iPad](https://support.google.com/accounts/answer/1066447)
* [Bitwarden](https://bitwarden.com/help/authenticator-keys/) - which is a password manager which can help you to store/generate a secure password for your Defguard login but also setup TOTP

In this example, we will set up using Google Authenticator.

Click on the *gear* icon for *One time password* and ***Enable**:*

<figure><img src="https://3466771104-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fe86iamwJVSYnIRsyVEAV%2Fuploads%2Fgit-blob-a9e4105c60ab13a90ec45070671a88da0e6bae62%2Fotp1.png?alt=media" alt=""><figcaption></figcaption></figure>

A set up screen will show up with a QR Code:

<figure><img src="https://3466771104-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fe86iamwJVSYnIRsyVEAV%2Fuploads%2Fgit-blob-d79ac56d80a9176bd91b1f3d6572a98c8043b404%2Fotp2.png?alt=media" alt=""><figcaption></figcaption></figure>

Now open *Authenticator* mobile app, and click: ***Add a code -> Scan a QR code*****&#x20;and scan the QR Code with the app**.

After doing that, a new screen will show on the *Authenticator* app, that will generate codes for Defguard:

<figure><img src="https://3466771104-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fe86iamwJVSYnIRsyVEAV%2Fuploads%2Fgit-blob-f86e2f1e009b832b6232136771b87eec6cf05084%2Fauthenticator.png?alt=media" alt="" width="188"><figcaption></figcaption></figure>

**Enter the code you see on the mobile app**, to confirm, that the process has been done correctly (Defguard will now validate the code).

After the code has been validated, either:

* you are all set, the method is enabled, and you will be logged out to log in again using MFA
* or you [will need to create a backup of your recovery codes](#backing-up-recovery-codes) - and after that you will be logged out as well.

### Backing up recovery codes

If you are configuring the 2FA/MFA for the first time with any selected method, at the end of the process you will be asked to create a backup of your recovery codes:

<figure><img src="https://3466771104-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fe86iamwJVSYnIRsyVEAV%2Fuploads%2Fgit-blob-4f6040fdcf6718c105741f39391bb3d72e7f1fc4%2Frecovery.png?alt=media" alt=""><figcaption></figcaption></figure>

{% hint style="danger" %}
Please backup those codes in a safe place, if you will not be able to login with your 2FA method (eg. you lost your phone or YubiKey hardware key) - the only method to login will be to use one of the **recovery codes.**
{% endhint %}