> ## Documentation Index
> Fetch the complete documentation index at: https://help.dash.fi/llms.txt
> Use this file to discover all available pages before exploring further.

# Two-factor authentication

> Set up authenticator-app or text-message two-factor authentication on your Dash.fi account and generate recovery codes.

Two-factor authentication (2FA) adds a second verification step to your login. Dash.fi supports two methods:

* **Authenticator app (TOTP)** — a 6-digit code generated by an authenticator app on your device. Recommended, works offline.
* **Text message (SMS)** — a 6-digit code sent to your phone.

You can enable either method, or both. Adding both gives you a fallback if one becomes unavailable.

## Set up 2FA

You'll be prompted to secure your account when you first sign in. On the **Secure your account** screen, choose **Authenticator app** or **Text message**. After you enrol one method you can add the other, or click **Continue to dashboard** to finish. If your organization doesn't require 2FA, you can also click **Skip for now** and set it up later from your profile.

### Authenticator app (recommended)

<Steps>
  <Step title="Install an authenticator app">
    Install an authenticator app on your mobile device. Dash.fi recommends **Google Authenticator** or **Authy**, both available for iOS and Android.
  </Step>

  <Step title="Generate your QR code">
    On the authenticator setup screen, click **Generate QR Code**. Dash.fi generates a unique QR code and setup key tied to your account.
  </Step>

  <Step title="Link your authenticator app">
    Open your authenticator app and scan the QR code, or manually enter the setup key shown on the screen. The app starts generating 6-digit codes.
  </Step>

  <Step title="Save your recovery codes">
    Dash.fi generates a set of one-time-use recovery codes. **Download and store them securely** — you'll need these if you lose access to your authenticator device. Each code can only be used once.
  </Step>

  <Step title="Confirm setup">
    Enter the current 6-digit code from your authenticator app to confirm the link is working. Setup is complete once the code is accepted.
  </Step>
</Steps>

### Text message

<Steps>
  <Step title="Enter your phone number">
    On the text-message setup screen, enter the mobile number you want to receive codes on. Dash.fi sends a 6-digit code by SMS.
  </Step>

  <Step title="Verify the code">
    Enter the code from the message to confirm the number. If it doesn't arrive, wait for the resend countdown to finish (30 seconds) and click **Resend code**.
  </Step>

  <Step title="Save your recovery codes">
    Dash.fi generates a set of one-time-use recovery codes. **Download and store them securely** — you'll need these if you lose access to your phone. Each code can only be used once.
  </Step>
</Steps>

## Manage 2FA methods

Go to **Profile → Security** to add or remove factors at any time:

* **Authenticator app** — click **+** to add, or the trash icon to remove.
* **Text message** — click **+** to add, or the trash icon to remove. The masked number is shown once verified.

You can have both methods enabled at the same time. When you sign in, Dash.fi picks a default method and you can switch to the other on the verification screen.

<Note>
  Your organization may require 2FA for everyone. If it does, you can't remove your only enrolled factor — add a second one first, then remove the one you don't want.
</Note>

Administrators with permission to change organization-wide MFA policy will also see a **Security** tab under **Settings**, where they can require 2FA for all members.

## Signing in with 2FA

After setup, each login that requires verification prompts you for a code.

* **Authenticator app** — enter the current 6-digit code from your authenticator app.
* **Text message** — Dash.fi sends a code automatically. Enter it from the message. To send a new code, wait for the resend countdown to finish and click **Resend code**.
* **Both enrolled** — pick which method to use from the verification screen.

If you no longer have access to either method, click **Use recovery code instead** and enter one of your saved recovery codes (format: `xxxx-xxxx-xxxx`). Each recovery code is single-use.

<Note>
  Switching to a different organization from the account switcher signs you into that organization in a fresh session. If that organization requires 2FA and you don't have a factor enrolled yet, you'll be asked to set one up before the dashboard loads.
</Note>

## Codes are being rejected

If your authenticator app is generating codes but Dash.fi rejects them as invalid, the most common cause is **phone clock drift** — when your device's clock falls out of sync, TOTP codes are generated for the wrong time window and fail validation.

To resolve this:

<Steps>
  <Step title="Enable automatic date & time on your phone">
    Open your phone's system settings and turn on automatic date and time. This keeps your device clock in sync with the network.
  </Step>

  <Step title="Sync time in Google Authenticator">
    Open Google Authenticator, then go to **Settings → Time correction for codes → Sync now**.
  </Step>

  <Step title="Remove the existing Dash.fi entry">
    Delete the old Dash.fi entry from your authenticator app.
  </Step>

  <Step title="Scan a fresh QR code">
    In Dash.fi, generate a new QR code and scan it with your authenticator app.
  </Step>

  <Step title="Enter the new code immediately">
    Enter the 6-digit code as soon as it appears to avoid the code expiring mid-entry.
  </Step>
</Steps>

If codes are still rejected after these steps, contact [support@dash.fi](mailto:support@dash.fi).

## SMS code didn't arrive

* Confirm the phone number on file under **Profile → Security → Text message**. If it's wrong, remove the factor and add it back with the correct number.
* Check your phone's signal and that SMS from short codes isn't blocked.
* Wait for the 30-second resend countdown to finish, then click **Resend code**.
* If nothing arrives after two attempts, switch to your authenticator app (if enrolled) or use a recovery code.

## Lost access to your authenticator or phone

If you've lost your device and don't have recovery codes, contact [support@dash.fi](mailto:support@dash.fi). The support team will verify your identity before resetting 2FA on your account.

When you get in touch, include:

* The email address on your Dash.fi account
* Your full name
* A brief description of what happened (for example, lost phone, new device, deleted the authenticator app, changed phone number)

The team may ask you to verify your identity with a government-issued ID or other documentation. Once your identity is confirmed, they'll reset 2FA and you can set it up again from your new device.

<Warning>
  Never share your 2FA codes or recovery codes with anyone, including Dash.fi support. Dash.fi staff will never ask you for them.
</Warning>
