Security & Compliance·Updated Mar 26, 2026

Two-Factor Authentication

Secure your account with authenticator apps, email codes, passkeys, and backup codes.

Overview

Two-Factor Authentication (2FA) adds an extra layer of security to your KendoAI account. When enabled, signing in requires both your password and a second verification method, protecting your account even if your password is compromised.

KendoAI supports multiple 2FA methods:

Authenticator App (TOTP) - Use apps like Google Authenticator, Authy, or 1Password to generate time-based codes

Email Verification - Receive a one-time code via email

Passkeys - Use biometric authentication (Face ID, Touch ID, Windows Hello) or hardware security keys

Backup Codes - One-time recovery codes generated when you first enroll in 2FA

Setting Up 2FA

To enable two-factor authentication on your account:
1. Go to Settings > Account Security
2. Under Two-Factor Authentication, click Set Up next to your preferred method
3. For Authenticator App: Scan the QR code with your authenticator app, then enter the 6-digit code to verify
4. For Email: Confirm your email address and enter the verification code sent to you
5. For Passkeys: Follow your browser's prompts to register a passkey (fingerprint, face scan, or security key)
6. After enrolling your first method, you'll receive backup codes — save these in a secure location
You can enable multiple 2FA methods simultaneously for flexible sign-in options.

Signing In with 2FA

Once 2FA is enabled, the sign-in process adds a verification step:

1. Enter your email and password as usual

2. You'll be prompted to verify with your enrolled 2FA method

3. Enter your authenticator code, email code, or use your passkey

4. If you can't access your primary method, click Use another method to try an alternative or enter a backup code

Your 2FA session remains valid for approximately 12 hours, so you won't need to re-verify on every page load.

Backup Codes

Backup codes are your safety net if you lose access to all your 2FA methods. Treat them like passwords:

- You receive a set of one-time backup codes when you first enroll in 2FA

- Each code can only be used once

- Store them in a secure location (password manager, printed copy in a safe place)

- You can regenerate backup codes from Account Security settings (this invalidates all previous codes)

- Regenerating codes requires a recent 2FA verification for security

Managing 2FA Methods

From Settings > Account Security, you can:

Add new methods - Enroll additional 2FA methods at any time

Remove methods - Disable a specific 2FA method (requires recent 2FA verification)

Regenerate backup codes - Get new backup codes if your current ones are used or compromised

If you remove all 2FA methods, two-factor authentication will be fully disabled on your account.

Admin: Resetting a User's 2FA

If a team member is locked out of their account due to 2FA issues, administrators can help:

- Go to Admin > User Management

- Find the locked-out user and open their details

- Click Reset 2FA Methods and confirm the action

- The user's 2FA enrollment will be cleared, allowing them to sign in with just their password and re-enroll in 2FA

This action requires admin confirmation and is logged for security purposes.

PreviousSecurity Overview

NextData Processing & Privacy

Still need help?

Can't find what you're looking for? Our team is here to help.