# Configure Two-factor Authentication using Email

Two-factor authentication adds a second checkpoint to the administrator sign-in: after the password is accepted, a one-time code delivered by email must also be entered. This page walks through turning that on with email as the delivery method.

## Before you begin

Make sure the [system email server](/pbx/administrator-guide/email-server-overview/) is configured. Codes are delivered through it, so without a working mail server the feature cannot send them.

## Turn on email verification

1. Log in to the Cloud Voice Dashboard at https://voice.izt.cloud and click **Login** to open your phone system's management portal with full administrator access. Select your account name in the top-right corner, then open **Change Password & Security > Security Settings**.
2. Tick the **Two-Factor Authentication** checkbox.
3. When the **Password** window appears, type your account password and select **Confirm** to authorize the change.
4. Choose **Authenticated by Email**, then work through the fields below.

   
   ![Cloud Voice, the email two-factor panel with a Send button and a field for the authentication code](/images/pbx/click-to-send-email-for-2fa.png)

   1. Select **Send**. A message with a six-digit code goes to the email address tied to the administrator account.

      :::note
      The code is only valid for 5 minutes after it is sent.
      :::
   2. Enter that code in the **Authentication Code** field.
   3. Select **Save**.

## What happens next

- An "Edited successfully." confirmation appears, which means two-factor authentication is now active.
- From your next sign-in onward, the portal asks for a verification code in addition to your password.

  :::tip
  On a device you use regularly, tick **Trusted Device** at the code prompt. That device then skips the code entry for the next 180 days.
  :::

  
  ![Cloud Voice, the sign-in screen prompting for an emailed authentication code with a Trusted Device option](/images/pbx/log-in-with-2fa-email-pce.png)

:::caution[Extension users locked out?]
If extension users can't get past two-factor authentication, you can [disable it for their extension accounts](/pbx/administrator-guide/manage-two-factor-authentication/#manage-two-factor-authentication__dis-for-others) so they sign in with just their username and password.
:::
