---
title: Two-factor authentication (2FA)
description: How to set up two-factor authentication (2FA), an opt-in feature that provides additional security for DataRobot users.
---

# Two-factor authentication {: #two-factor-authentication }

Two-factor authentication (2FA) is an opt-in feature that provides additional security for DataRobot users. 2FA in DataRobot is based on the Time-based One-Time Password algorithm (<a target="_blank" href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm">TOTP</a>), the IETF RFC 6238 standard for many two-factor authentication systems. It works by generating a temporary, one-time password that must be manually entered into the app to authenticate access.

To work with 2FA, you use an authentication app on your mobile device (for example, <a target="_blank" href="https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DAndroid&hl=en">Google Authenticator</a>). If you haven't already done so, install and register an app on your device. You will use the app to scan a DataRobot-provided QR code, which will, in turn, generate authentication and recovery codes.

DataRobot provides a series of recovery codes for use if you lose access to your default authentication method.

!!! warning
	Before completing two-factor authentication, download, copy, or print these codes and save them to a secure location.

!!! tip
    When you enable 2FA, all API endpoints that validate username and password require secondary authentication.

See the [troubleshooting](2fa-help){ target=_blank } section for additional information.

##  Set up 2FA {: #set-up-2fa }

To enable 2FA:

1. From the [**Profile**](profile-settings) page, on the **Security** tab, switch the **Two-Factor Authentication** toggle to on:

	![](images/2fa-1.png)

	A dialog box opens to the first step of the setup process:

	![](images/2fa-2.png)

2. Open the authenticator app on your device and select the option that allows you to scan a barcode. (On Google Authenticator, click the `+` sign and choose "Scan barcode.")

3. Scan the QR code shown in the dialog box; your device displays a 6-digit code. (If you have trouble scanning, see the [alternate option](#non-qr-code-method).) Or, if you receive an error, see the [troubleshooting](2fa-help){ target=_blank } section.

4. Enter the code (no spaces) into the box at the bottom of the screen and click **Verify**. <a name="step-4"></a>

	![](images/2fa-3.png)

5. Once verified, DataRobot returns 20 recovery codes for your use if you lose access to your default authentication method. ***Save these codes in a secure place.***

	![](images/2fa-5.png)

6. Select a method for saving your codes and click **Complete**. DataRobot briefly displays a notice that two-factor authentication is enabled.

###  Non-QR code method {: #non-qr-code-method }

If you could not scan the QR code:

1. From the dialog box, choose **Try this instead**:

	![](images/2fa-4.png)

	DataRobot displays your registered email address and a code for use with your app.

2. In your authenticator app, manually generate a code. For example, in Google Authenticator, click the `+` sign and choose "Manual entry."

3. Enter the credentials displayed in the dialog box. Note:

	* the code is not case-sensitive
	* spaces are optional, as most apps remove them when you enter the characters.

	The authenticator app returns a 6-digit code.

4. Enter the code (no spaces) into the box at the bottom of the screen and click **Verify**. Return to [step 4 of "Set up 2FA"](#set-up-2fa), above. Or, if you receive an error, see the [troubleshooting](2fa-help){ target=_blank } section.

##  Use 2FA {: #use-2fa }

After you enable and set up 2FA, you will be prompted for a code each time you log into DataRobot. (You are also prompted for an authentication code when requesting a password reset from the login page.) Open DataRobot and enter your email and password, or sign in with Google. You are prompted for an authentication code:

![](images/2fa-6.png)

If you have your mobile device available, open the authenticator app and enter the 6-digit code displayed. If you do not have your device, click **Switch to recovery code** and enter one of the codes from your saved list of codes.

When you've entered the code, click **Verify**. DataRobot validates your account and opens the application.

