How to: Enable Two Factor Authentication in your account

Kadie Alexander
Kadie Alexander Expensify Success Coach - Admin, Expensify Team Posts: 113 Expensify Team
edited October 2022 in How-to Docs

You can now add an extra layer of security by enabling Two Factor Authentication (2FA) in your account. You can enable this on the web or in your mobile app by following the steps below.

Expensify Card holders

If you have an Expensify Card or want to offer it to your employees, it's critical that you enable 2FA either on the Account level or Domain level. Enabling 2FA will ensure you are not liable for any unknown purchase made on the Expensify Card.

Web

Head to Settings > Accounts > Account Details > Two Factor Authentication and toggle the switch to Enabled.

Save or download your Recovery Codes. It’s important to keep these safe! You WILL lose access to your account if you cannot use your authenticator app and do not have your recovery codes.

Use your favorite authenticator app to connect to Expensify using the QR code or click the link to enter the secret key manually.

Once connected, quickly enter the code generated by your app into Expensify before the timeframe runs out!

You’re all done! Don’t forget you’ll need your app handy when logging in.


Mobile

  1. In the Expensify app, head to Settings and toggle the switch next to Two Factor Authentication.
  2. Save or download your Recovery Codes. It’s important to keep these safe! You WILL lose access to your account if you cannot use your authenticator app and do not have your recovery codes.
  3. On the next tab, copy the Secret Key and enter it into your favorite authenticator app. Once connected, quickly enter the code generated by your app into Expensify before the timeframe runs out!
  4. You’re done! Moving forward, you’ll be prompted to verify your identity each time you log in.

Note: It is possible to set a manual time/date when setting this up on Android and iOS. We recommend you keep this set to Network as opposed to setting a manual timezone. Manual timezones can cause issues with authentication codes which validate based on timezones.


Using Recovery Codes

Using a recovery code to sign-in to your Expensify account should be a last resort. 

If you need to use a recovery code to sign-in to your Expensify account, you'll want to reset 2FA on your web app or mobile app once you've gained access to your account after using the recovery code. 

To reset 2FA, toggle off and toggle on 2FA in the Account Settings. This will allow you to follow the above steps to reconnect your Expensify account to an authenticator app and download new recovery codes.


Domain-wide Two Factor Authentication

Do you want to enable two factor authentication for your entire company? No problem!

Head to Settings > Domains > [Domain Name] > Domain Members > Two Factor Authentication and toggle the switch. This feature does require a verified domain (find the guide for that here).


If your domain users ever forget or lose their two factor authentication codes, come back to this Domain Members list and click Edit Settings on the affected user. Use the Reset option to help them regain access to their account.


Related links: