Two factor authentication is a good way of increasing account security, by adding a second step to the normal login flow. In the case of [DeployHQ](https://www.deployhq.com), it simply consists of generating a code using your mobile device which you'll need to enter after logging in.

## Setting up two factor authentication

Two factor authentication can be set up via our single sign-on service, aTech Identity. Head [there](https://identity.deployhq.com/), then login with your [DeployHQ](https://www.deployhq.com) account details.

Next, go to **Two Factor Authentication** under Security Settings on the right hand side.

![2FA](https://blog.deployhq.com/attachment/6bb91db1-57ff-48b9-9742-8868f4858728/Screenshot%202019-02-26%20at%2010.55.35.png)

Then follow the steps to download an appropriate 2FA app (we recommend Google Authenticator, or Authy) on your mobile device. Once you've downloaded and set up the app, you can scan the QR code to set it up initially. This will generate a 6 digit code that you can enter, then, after clicking the Activate button it will be setup on your account.

![Configure 2fa](https://blog.deployhq.com/attachment/03c21660-f4fb-42f5-a075-bc6ff9f59f37/Screenshot%202019-02-26%20at%2010.59.22.png)

You'll then be presented with a recovery token which you must make a note of, as this will be required to reset your account, should you lose access to your mobile device.

Further information about the process, including recovering your account in the event of lost access to your mobile device can be found in our [documentation](https://www.deployhq.com/support/managing-your-account/personal-profile/two-factor-authentication).

## Require two factor authentication for all users

As well as being able to set up two factor authentication for your own login, if you're the administrator of a [DeployHQ](https://www.deployhq.com) account, you can set up two factor authentication enforcement, meaning they must set it up before they can login to your account.

To enable the option, simply head to **Settings** in your [DeployHQ](https://www.deployhq.com) account, then **Account & Access** :

![2fa enforcement](https://blog.deployhq.com/attachment/0e2aee5b-d42e-46ed-bdc8-c32705282557/p-HDODh-K.png)

Enable **Require all users to have two factor authentication enabled** at the bottom of the screen, then click **Update account**. Once this has been done users will be met with a prompt to set up two factor authentication when they login if they haven't done so.

You'll be able to monitor users to see if they have set it up in your **User Management** area.

![Check users](https://blog.deployhq.com/attachment/e1060fd6-1098-494c-81ec-ba76c0881267/KDPj-Zq-E.png)

Users with 2FA enabled will be marked with a shield icon, users without 2FA will have the same icon but greyed out with a strikethrough.

If you have any questions about this, or other aspects of the [DeployHQ](https://www.deployhq.com) service, please don't hesitate to [ask](mailto:support@deployhq.com).