It's a dangerous world out there! But you can make things much safer by enabling two-factor authentication in your RevenueCat account settings.
Once you do, you'll need a code generated on your mobile device any time you log in to your RevenueCat account.
# Enabling Two-Factor Authentication
## 1. Set up
Navigate to your [**Account > Security**](🔗) settings in the RevenueCat dashboard and click **Set up** under Two-factor Authentication to begin the setup process.
## 2. Scan barcode
You'll be prompted to re-enter your password. Once re-authenticated, you'll be presented with a QR code that you should scan with an authenticator app such as [Authy](🔗) or [Google Authenticator](🔗).
## 3. Enter two-factor code
Enter the two-factor code from the authenticator app then click **Enable**.
## 4. Save recovery codes
Save your recovery codes. You'll only be shown these codes once, and are required if you ever lose access to your authenticator app. Some authenticator apps, like Authy, also provide their own backups in case you lose your phone.
Save recovery codes in a safe place
If you ever lose access to your two-factor code from your authenticator app (e.g. you got a new phone) the recovery codes are required to access RevenueCat.
For security reasons, RevenueCat Support may not be able to restore access to accounts with two-factor authentication enabled if you lose your two-factor authentication credentials or lose access to your account recovery codes.
# Disabling Two-Factor Authentication
To disable two-factor authentication vavigate to your [**Account > Security**](🔗) settings in the RevenueCat dashboard and click **Disable** under Two-factor Authentication.
# Audit Two-Factor Setup
If you have invited collaborators to your app, you can check if they've enabled two-factor authentication for their account under the [Collaborators view](🔗) .