> For the complete documentation index, see [llms.txt](https://oten.gitbook.io/pass-support/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oten.gitbook.io/pass-support/user-guide/manage-2-step-verification.md).

# Manage 2-Step Verification

## 1. What Is 2-Step Verification?

When 2-Step Verification is enabled, signing in requires two steps:

1. Enter your primary credentials (such as email and password, or passkey)
2. Complete an additional verification step using an approved method

This helps protect your account even if your password is compromised.

***

## 2. Access 2-Step Verification Settings

1. Go to **Profile**
2. Select **2-step verification**

On this page, you can:

* View whether 2-Step Verification is enabled
* See which verification methods are available
* Set up additional methods
* Review which method is currently active

***

## 3. Enable or Disable 2-Step Verification

Whether you can turn 2-Step Verification on or off depends on your organization’s policy.

#### If 2-Step Verification is optional

You can use the toggle at the top of the page to enable or disable it.

#### If 2-Step Verification is required

The toggle may be locked or hidden, and 2-Step Verification cannot be turned off.

#### If 2-Step Verification is disabled by policy

The feature may not be available for your account.

***

## 4. Available Verification Methods

Your organization determines which methods are allowed.

Common methods include:

* **Email** – Receive a verification code by email
* **Passkey** – Use Face ID, fingerprint, or device passcode
* **Authenticator app** – Enter a 6-digit code generated by an authenticator app
* **Security key** – Use a hardware security key
* **Biometric verification** – Complete a liveness check (if enabled by your organization)

***

## 5. Set Up a Verification Method

1. Open **2-step verification**
2. Select a method marked **Not set up**
3. Follow the setup instructions
4. Complete any required verification
5. Return to the 2-Step Verification page

Once configured, the method will display a status such as:

* Enabled
* Active
* Default

***

## 6. Recommended Setup

For better account security, we recommend enabling more than one verification method.

Suggested configuration:

1. Passkey (recommended)
2. Authenticator app
3. Email as a fallback method

Having multiple methods helps ensure you can still sign in if one method becomes unavailable.

***

## 7. Sign In with 2-Step Verification

When you sign in:

1. Enter your primary credentials
2. Complete the required verification method
3. Access your account

If multiple methods are available, Oten Pass may:

* Automatically choose the most secure method, or
* Allow you to select another method

This behavior depends on your organization’s security settings.

***

## 8. Method Status Indicators

You may see status labels such as:

* **Default** – The primary method used by default
* **Enabled** – The method is configured and ready to use
* **Active** – The method is currently available
* **Not set up** – The method is allowed but not configured

***

## 9. Organization Policy Restrictions

Your organization controls:

* Whether 2-Step Verification is mandatory
* Which methods are allowed
* Which methods are required
* Whether the feature can be disabled
* Which method is used by default

As a result, your settings may differ from other users.

***

## 10. Troubleshooting

#### I cannot disable 2-Step Verification

Your organization may require it for all users.

#### A method is shown but cannot be edited

Your organization may restrict changes to that method.

#### I do not see a method that I expect

It may not be enabled by your organization.

#### I cannot sign in because my method is unavailable

Use another configured method or contact your organization administrator.

***

## 11. Important Notes

* 2-Step Verification protects your account during sign-in.
* Organization policies determine which options are available.
* Some methods may require additional device permissions (such as Face ID or camera access).
* We strongly recommend configuring more than one verification method.
* If you lose access to all methods, your organization administrator may need to help recover your account.
