Expensify · twisterdotcom · Sep 15, 2025 · Sep 15, 2025 · Sep 15, 2025 · Sep 15, 2025
@@ -1,72 +1,91 @@
 ---
 title: Two-Factor Authentication (2FA)
-description: Add an extra layer of security for your Expensify login
-keywords: [two-factor authentication, 2FA, security settings, authenticator app, recovery codes, login security]
+description: Learn how to set up, use, and recover your Expensify account with two-factor authentication (2FA), including lost device and admin recovery options.
+keywords: [Expensify Classic, two-factor authentication, 2FA, login security, authenticator app, recovery codes, locked out, lost phone, account recovery, Domain Admin reset]
 ---
 
-Enabling two-factor authentication (2FA) adds an extra layer of security to help protect your financial data. This adds a secondary login step using a code generated by an authenticator app like Google Authenticator or Microsoft Authenticator.
+Two-factor authentication (2FA) adds an extra layer of protection to your Expensify account. This guide covers setup, login expectations, recovery steps if you lose access, and admin override options.
 
 ---
 
-# How Two-Factor Authentication Works
+# How two-factor authentication works
 
-After entering your login email and magic code, Expensify will prompt you for a 6-digit verification code generated by your authenticator app, such as Google Authenticator, Microsoft Authenticator, or Authy. Each code is time-based and refreshes every few seconds, ensuring that no code is ever reused. If the code expires, simply open the app to get a new one.
+When logging in:
+1. Enter your email and the magic code sent to your inbox.
+2. Enter a 6-digit code generated by your authenticator app (such as Google Authenticator, Microsoft Authenticator, or Authy).
+
+Codes refresh every few seconds. If one expires, simply open the app for a new code.
 
 ---
 
-# How to Enable Two-Factor Authentication in Expensify
+# How to enable two-factor authentication
 
-1. In the (on the left on web, and at the bottom on mobile), tap **Account > Security**.
-2. Under **Security options**, tap **Two-Factor Authentication**.
+1. From the left-hand menu, select **Account > Security**.
+2. Under **Security options**, select **Two-Factor Authentication**.
 3. Follow the prompts to enable 2FA.
-4. **Save your backup codes**—these are essential for account recovery.
-   - Tap **Download** to save the codes to your device.
-   - Tap **Copy** to paste the codes into a secure location.
-5. Tap **Next**.
-6. Open your authenticator app and connect it to Expensify by:
-   - Scanning the QR code, or
-   - Entering the setup code manually.
-7. Enter the 6-digit verification code and tap **Verify**.
+4. **Save your backup codes**—these are essential for account recovery.  
+   - Select **Download** to save the codes securely.  
+   - Select **Copy** to paste them into a password manager or secure file.  
+5. Open your authenticator app and connect it to Expensify by:  
+   - Scanning the QR code, or  
+   - Entering the setup code manually.  
+6. Enter the 6-digit verification code and select **Verify**.
 
 ---
 
-# What to Expect When Logging In
+# What to expect when logging in
 
-Once 2FA is enabled, logging in will require two steps:
-1. Enter the **magic code** sent to your email.
-2. Open your authenticator app and enter the **6-digit verification code**. The code refreshes every few seconds, so use the most recent one available.
+After setup, login requires both:
+1. Your magic code (sent via email).  
+2. The 6-digit verification code from your authenticator app.
 
 ---
 
-# Recovery Codes
+# Recovery options
 
-Backup recovery codes allow you to log in to Expensify if you lose access to your authenticator app.
+Backup recovery codes work like one-time passwords. They are your fastest recovery method if you lose access to your authenticator app.
 
-Each recovery code works like a one-time password. You’ll receive several unique codes when setting up 2FA—make sure to:
+## If you still have recovery codes
+1. Log in with your email and magic code.  
+2. Enter one of your recovery codes instead of a 6-digit app code.  
+3. Disable 2FA, then re-enable it on your new device.  
 
-- **Store them in a safe, offline location** (such as a secure document or password manager).
-- **Never share your codes** with anyone.
-- **Use each code only once**—after it’s used, it becomes inactive.
+**Tip:** Store unused recovery codes in a secure, offline location. Each code can only be used once.
 
-If you lose your authenticator app and don’t have access to your recovery codes, you’ll need to contact Expensify support to verify your identity and regain access to your account.
+## If you lost your device and have no recovery codes
+- **Individual account**: You’ll need to create a new Expensify account with a different email. Concierge can assist with transferring access to any shared Workspaces.  
+- **Domain account**: A **Domain Admin** can reset your 2FA. Once reset, you’ll log in normally and set up 2FA again.
 
----
+# Admin recovery and overrides
 
-# FAQ
+## If a Domain Admin is available
+- Domain Admins can reset a member’s 2FA by going to:  
+  **Settings > Domains > [Domain Name] > Members > Security Settings**  
+- Select the member, then disable their 2FA.  
 
-## Why should I use 2FA?
+## If the enforcing Domain Admin has left
+1. Verify domain ownership by proving control of the domain’s email DNS or MX records.  
+2. Assign a new Domain Admin in **Settings > Domains > [Domain Name] > Domain Settings**.  
+3. Once the new admin is assigned, follow the steps above to reset 2FA for affected members.
 
-2FA significantly reduces the chance of unauthorized account access, even if someone obtains your login email or password. It’s a simple but powerful tool for protecting sensitive financial data.
+# Best practices
 
-## What happens if I lose my phone or uninstall the authenticator app?
+- Save your recovery codes as soon as you set up 2FA.  
+- Consider adding 2FA on multiple devices (e.g., phone and tablet) during setup for backup.  
+- Keep your device’s clock set to the correct time—codes depend on accurate timing.  
 
-Log in using one of your backup recovery codes. Then, disable 2FA and set it up again with your new device or app.
+---
 
-## Can I use 2FA on more than one device?
+# FAQ
 
-Yes. When setting up 2FA, you can scan the QR code with multiple devices (like your phone and tablet) to generate codes from both.
+## Why should I use 2FA?
+It prevents unauthorized access, even if someone has your login email or password.
 
-## What if my verification code isn’t working?
+## What if I lose my phone or uninstall the app?
+Use a recovery code to log in, then disable and re-enable 2FA on your new device.
 
-Make sure your device’s clock is set to the correct time. Authenticator apps rely on time-based tokens, so an inaccurate device clock can cause errors.
+## Can I use 2FA on more than one device?
+Yes. Scan the setup QR code with multiple devices when enabling 2FA.
 
+## What if my verification code isn’t working?
+Check your device’s time settings. Authenticator apps rely on accurate system clocks.