Two-factor authentication

Two-factor authentication (2FA) adds an extra layer of security to your account. When enabled, signing in requires both your password and a time-based one-time code (TOTP) from an authenticator app.

2FA is set per account, not per workspace — enabling it protects your sign-in everywhere.

Setting up 2FA

  1. Click your name at the bottom of the sidebar, open Settings, and go to the Security tab
  2. Click Enable 2FA
  3. Scan the QR code with your authenticator app (Google Authenticator, Authy, 1Password, or similar) — or enter the setup key manually if you can't scan
  4. Enter the 6-digit code from your app to confirm

2FA isn't active until you confirm with a valid code, so you can't lock yourself out mid-setup.

Signing in with 2FA

Once 2FA is enabled, the sign-in flow adds one step:

  1. Enter your email and password as usual
  2. You're prompted for a verification code
  3. Open your authenticator app and enter the current 6-digit code
  4. You're signed in

Disabling 2FA

  1. Go to Settings, then the Security tab
  2. Click Disable 2FA and confirm

You can re-enable it at any time; you'll go through setup again with a fresh QR code.

If you're locked out

If you lose access to your authenticator app, email support@mcp.agentic-accounting.com from the email address on your account and we'll help you recover it. Consider storing your authenticator's own backup (most apps support encrypted backups or multi-device sync) so this doesn't happen.

Do I need 2FA?

2FA isn't required, but we strongly recommend it — especially for workspace owners, whose accounts control team membership, billing, API keys, and webhooks. It takes a few minutes to set up and significantly reduces the risk of unauthorized access.

Next steps

Learn about plans and billing to manage your subscription.