<h1>Two-factor authentication</h1><blockquote>In a nutshell: Two-factor authentication adds a second step to login — after your password, you enter a code from an authenticator app on your phone. We strongly recommend enabling it.</blockquote><h2>Why enable 2FA?</h2>Your password protects your account. But if someone learns your password (through phishing, a data breach on another site, or simple guessing), they could access your Tresor account.With 2FA enabled, a password alone isn't enough. An attacker would also need your physical phone with the authenticator app — making unauthorized access significantly harder.<blockquote>🔒 Privacy: Since your Tresor account holds the keys to your encrypted conversations, protecting it with 2FA means protecting all your private data.</blockquote><h2>What you'll need</h2>An authenticator app on your phone. Popular options include:<ul class="accent-bullets"><li>Google Authenticator (iOS / Android)</li><li>Microsoft Authenticator (iOS / Android)</li><li>Authy (iOS / Android / Desktop)</li><li>1Password or other password managers with TOTP support</li></ul><h2>Setting up 2FA</h2><ol class="steps-list"><li>Go to Settings → Security.</li><li>Click Set up 2FA.</li><li>Name your device (e.g., "Phone" or "Work phone") — this helps if you add multiple authenticators later.</li><li>Scan the QR code with your authenticator app. Or use the manual entry key if you prefer.</li><li>Enter the 6-digit code from your authenticator app.</li><li>Click Verify &amp; Enable.</li></ol>[Screenshot: The 2FA setup screen showing a QR code and a field for entering the 6-digit verification code]That's it. Next time you log in, Tresor will ask for your authenticator code after your password.<h2>Logging in with 2FA</h2><ol class="steps-list"><li>Enter your email and password as usual.</li><li>Tresor shows a verification screen.</li><li>Open your authenticator app and enter the current 6-digit code.</li><li>Click Verify to sign in.</li></ol>The code changes every 30 seconds. If it expires before you enter it, wait for the next one.<h2>Adding a backup authenticator</h2>We recommend registering a second device in case you lose access to your primary one. You can add up to 10 authenticators.<ol class="steps-list"><li>Go to Settings → Security.</li><li>Under your registered devices, click Add another.</li><li>Follow the same QR code scan process with your backup device.</li></ol><h2>Disabling 2FA</h2><ol class="steps-list"><li>Go to Settings → Security.</li><li>Click the options menu (⋯) next to the authenticator you want to remove.</li><li>Select Remove.</li><li>Enter a 6-digit code from that authenticator to confirm.</li><li>Click Verify &amp; Disable.</li></ol><blockquote>⚠️ Note: Disabling 2FA makes your account less secure. If you're disabling it to switch to a new phone, set up 2FA on the new phone first, then remove the old one.</blockquote><h2>What if I can't access my authenticator?</h2>If you've lost your phone or can't access your authenticator app:<ul class="accent-bullets"><li>If you have a backup authenticator: Use the backup device to log in and manage your 2FA settings.</li><li>If you don't have a backup: Contact Tresor support for help resetting your MFA. You'll need to verify your identity.</li></ul>This is why adding a backup authenticator is so important.<h2>Good to know</h2><ul class="accent-bullets"><li>2FA codes are time-based (TOTP) — they change every 30 seconds and work even without internet on your phone.</li><li>You can see all your registered authenticators and when they were added in Settings → Security.</li><li>2FA is per-account, not per-workspace. Once enabled, it protects access to all your Tresor workspaces.</li></ul><h2>Related articles</h2><ul class="accent-bullets"><li><a href="https://tresorai.productlane.com/docs/getting-started/creating-your-account" target="_blank" rel="noopener noreferrer" class="cursor-pointer box-border border-b hover:border-b-[2px] transition-all duration-75 " style="text-decoration: none; border-color: var(--portal-accent-color);">Creating your account</a> — Account setup basics.</li><li><a href="https://tresorai.productlane.com/docs/account/managing-your-account" target="_blank" rel="noopener noreferrer" class="cursor-pointer box-border border-b hover:border-b-[2px] transition-all duration-75 " style="text-decoration: none; border-color: var(--portal-accent-color);">Managing your account</a> — Other account settings.</li><li><a href="https://tresorai.productlane.com/docs/privacy-and-security/how-tresor-protects-your-privacy" target="_blank" rel="noopener noreferrer" class="cursor-pointer box-border border-b hover:border-b-[2px] transition-all duration-75 " style="text-decoration: none; border-color: var(--portal-accent-color);">How Tresor protects your privacy</a> — The full security picture.</li></ul>

Account

Enable two-factor authentication (2FA) in Settings → Security to add an extra layer of protection. You'll need an authenticator app on your phone.