# Two-factor authentication / MFA ilert supports two-factor authentication setups for every user account, unrelated to the purchased subscription plan. You may activate multiple 2FA methods e.g. authenticator app as backup for your U2F device. ## Two-factor methods ### Code generation apps Most used / common authenticator apps: | App name | Apple Appstore | Google Playstore | | ----------------------- | ------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | | Google Authenticator | [Link](https://apps.apple.com/de/app/google-authenticator/id388497605) | [Link](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2\&hl=de\&gl=US) | | Duo Mobile | [Link](https://apps.apple.com/de/app/duo-mobile/id422663827) | [Link](https://play.google.com/store/apps/details?id=com.duosecurity.duomobile\&hl=de\&gl=US) | | Authy | [Link](https://apps.apple.com/de/app/twilio-authy/id494168017) | [Link](https://play.google.com/store/apps/details?id=com.authy.authy\&hl=de\&gl=US) | | Microsoft Authenticator | [Link](https://apps.apple.com/de/app/microsoft-authenticator/id983156458) | [Link](https://play.google.com/store/apps/details?id=com.azure.authenticator\&hl=de\&gl=US) | ### Face ID, Touch ID, Apple Watch or other device authentication Even if you are not in possession of a hardware token like a Yubico Security Key, you may choose the option "Use security key" with supporting Apple or Microsoft devices that offer biometrical authentication sensors e.g. Touch ID or double-tap on Apple Watch. Do not forget that you have to register and validate again, meaning **you will be asked to verify twice during the setup** of this 2FA option. ### Hardware tokens / FIDO (U2F) Keys If available you may select "**Use security key**" option with your U2F / [WebAuthn](https://www.w3.org/TR/webauthn-2/) supporting devices such as Yubico Security Keys. Do not forget that you have to register and validate again, meaning **you will be asked to verify twice during setup** of this 2FA option. ## FAQ ### I lost my authenticator app / TOTP generator / device how can I access my account? If you have lost your app or device you may use your recovery-codes, handed out during initial setup of your 2FA to get access to the account. **Note**: you were handed out 5 recovery codes only and each becomes burnt when it is used. So it is highly advised to immediately use the recovery codes to access and remove 2FA from your account (requires at least 2 recovery codes). Once removed you may set up 2FA again using a new device / app. In case you were using a FIDO device or you have lost / burnt your recovery codes you will need to contact [ilert support](https://docs.ilert.com/users-and-access-management/broken-reference) providing additional details of verification e.g. passport to have 2FA reset from your account. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ilert.com/users-and-access-management/two-factor-authentication-mfa.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.