Two-Factor Authentication - apviso [APVISO](/)Product Resources Developers Company [Pricing](/#pricing)[Partners](/partners)[Enterprise](/enterprise) [Login](/login)[Start free pentest](/register?intent=free-local-pentest) [Login](/login)[Start free](/register?intent=free-local-pentest) [Home](/)[Knowledge Base](/docs)Two-Factor AuthenticationAccount & SecurityTwo-Factor Authentication ========================= Secure your account with TOTP-based two-factor authentication and recovery codes. Why Enable 2FA? --------------- Two-factor authentication adds an extra layer of security to your APVISO account. Even if your password is compromised, an attacker cannot access your account without the second factor. Given that APVISO manages security-sensitive data about your applications, enabling 2FA is strongly recommended. Setting Up 2FA -------------- 1. Navigate to **Settings → Security**. 2. Click **Enable Two-Factor Authentication**. 3. Pentest the QR code with your authenticator app (Google Authenticator, Authy, 1Password, etc.). 4. Enter the 6-digit code from your authenticator app to confirm setup. 5. 2FA is now active. Recovery Codes -------------- After enabling 2FA, APVISO generates 10 single-use recovery codes. These are your backup if you lose access to your authenticator app. - **Save them securely** — download the codes and store them in a password manager or a secure offline location. - Each code can only be used once. - When you use a recovery code to log in, you will be prompted to set up a new authenticator. You can regenerate recovery codes at any time from **Settings → Security → Regenerate Recovery Codes**. This invalidates all previous codes. Logging In with 2FA ------------------- After entering your email and password, you will see a second prompt asking for a 6-digit code. Enter the current code from your authenticator app. If you do not have access to your authenticator, click **Use Recovery Code** and enter one of your saved recovery codes. Disabling 2FA ------------- 1. Go to **Settings → Security**. 2. Click **Disable Two-Factor Authentication**. 3. Enter a current 2FA code or recovery code to confirm. 4. 2FA is disabled. Disabling 2FA is not recommended unless you are migrating to a new authenticator app. In that case, disable and immediately re-enable. 2FA for Team Accounts --------------------- On **Enterprise** tiers, account administrators can enforce 2FA for all team members. When enforced, team members must set up 2FA on their next login or they will be unable to access the dashboard. Supported TOTP Apps ------------------- APVISO's 2FA uses the TOTP (Time-based One-Time Password) standard (RFC 6238). Any TOTP-compatible app works: - Google Authenticator - Authy - 1Password - Bitwarden - Microsoft Authenticator - YubiKey Authenticator ### Related Articles [Notification Preferences Configure how and when APVISO notifies you — via email, Slack, webhooks, or in-app notifications.](/docs/notification-preferences)[Generating API Keys How to create and manage API keys for programmatic access to the APVISO API.](/docs/generating-api-keys) [Back to Knowledge Base](/docs) [APVISO](/)Autonomous AI-powered penetration testing for modern web applications. Subscribe [](https://github.com/apviso)[](https://x.com/Apviso_com)[](https://www.linkedin.com/company/apviso/) [![Featured on Good AI Tools](https://goodaitools.com/assets/images/badge.png)](https://goodaitools.com/ai/apviso) Product - [Features](/#features) - [Pricing](/pricing) - [Integrations](/integrations) - [Benchmarks](/#compare) - [Affiliate Program](/affiliate) - [Partners](/partners) - [Enterprise](/enterprise) Resources - [Blog](/blog) - [Use Cases](/use-cases) - [Glossary](/glossary) - [Comparisons](/comparisons) - [Alternatives](/alternatives) - [Compliance](/compliance) - [Vulnerabilities](/vulnerabilities) - [Industries](/industries) - [OWASP APTS](/trust/apts) Developers - [Knowledge Base](/docs) - [API Reference](/docs/api) - [MCP Server](/docs/mcp) Company - [About](/about) - [Contact](/contact) - [Status](https://status.apviso.com) - [Privacy Policy](/legal/privacy) - [Terms of Service](/legal/terms) © 2026 APVISO. All rights reserved.