# Two-factor Authentication (2FA) Overview

Two-factor authentication (2FA) adds a second checkpoint to the administrator sign-in. Once it is turned on, a valid password alone is no longer enough to reach the account: each login also demands a short verification code, so a leaked or guessed password cannot get an attacker in on its own. This page explains the two ways Cloud Voice can deliver that code.

:::note
Extension users are not limited to the administrator setup. Each user can enable 2FA for their own account from the Cloud Voice App (Web or Desktop), and the setting then carries across every Cloud Voice App they sign in to.
:::

## Requirements

Your Cloud Voice system must be running version 84.10.0.30 or later.

:::caution
Once 2FA is on, every future login needs both the password and a fresh verification code. If you lose access to your phone (authenticator app) or to your inbox (email), you can be locked out of the administrator account. Keep a reliable backup way to receive codes before you enable this.
:::

## Verification by authenticator app

With this method, verification codes come from an authenticator app installed on your phone. Cloud Voice works with standard TOTP (Time-based One-Time Password) apps, including:

- [Google Authenticator](https://support.google.com/accounts/answer/1066447?hl=en)
- [FreeOTP](https://freeotp.github.io/)
- [Twilio Authy](https://authy.com/)
- [Microsoft Authenticator](https://www.microsoft.com/en-us/security/mobile-authenticator-app)

After installing one of these apps, you link the administrator account to it once. From then on the app continuously generates the codes you need. At each login you supply your password and the current code shown in the app.

:::tip
An authenticator app is the more robust choice of the two methods: it generates codes on the device itself, so it keeps working even when email delivery is slow or the mailbox is unreachable.
:::

For the step-by-step setup, see [Configure Two-factor Authentication using Authenticator Application](/pbx/administrator-guide/configure-two-factor-authentication-using-authenticator-application/).

## Verification by email

This method sends each verification code to the email address tied to the administrator account. When you log in, you enter your password and then the code delivered to that inbox.

:::note
Codes go to whatever email address is on file for the administrator account. Confirm that address is correct and that the system can actually send outbound email before you rely on this method, otherwise the codes will never arrive and you will not be able to finish signing in.
:::

For the step-by-step setup, see [Configure Two-factor Authentication using Email](/pbx/administrator-guide/configure-two-factor-authentication-using-email/).
