# Manage Two-Factor Authentication

Two-factor authentication (2FA) adds a second check on top of your password when you sign in, so a stolen password alone is not enough to reach your account. Once 2FA is set up, you can maintain it from the same place you enabled it. This page covers three tasks: dropping a device you no longer trust, moving to a different verification method, and switching the feature off entirely.

Each task starts in **Security Settings**. To get there, click your account in the top-right corner of the desktop client and open **Change Password & Security > Security Settings**.

:::note
A trusted device is one you previously chose to remember. On a trusted device the app skips the second verification step at sign-in, so you enter only your email address and password. The **Trusted Device List** is where every device you have trusted is recorded.
:::

## Remove a trusted device

If a device on your trusted list is lost, stolen, or you simply no longer use it, remove it. Once removed, that device has to pass the second verification step again the next time someone signs in from it.

1. Open **Security Settings**. Devices you have marked as trusted appear under **Trusted Device List**.

   
   ![Cloud Voice, Security Settings showing the Trusted Device List with a delete control next to each entry](/images/pbx/manage-trusted-devices.png)

2. Click the delete icon ![Delete](/images/pbx/delete.png) next to the device you want to drop.
3. Click **OK** to confirm.

:::caution
If a trusted device is lost or stolen, remove it right away. Until you do, whoever holds it can reach your account without being asked for the second verification step.
:::

## Change your verification method

You can swap between verification methods, for example moving from emailed codes to an authenticator app, without turning the feature off first.

1. Open **Security Settings**.
2. Click the edit icon ![Edit](/images/pbx/edit.png) next to your current method.
3. Pick the method you want, then work through the remaining setup prompts for that method.

:::tip
Have the new method ready before you switch. If you are moving to an authenticator app, install it first, and if you are moving to emailed codes, make sure you can open that inbox. Completing the setup prompts confirms the new method works before it becomes the one you rely on.
:::

## Disable two-factor authentication

1. Open **Security Settings**.
2. Clear the **Two-Factor Authentication** checkbox.
3. When the **Password** window appears, enter your account password and click **Confirm** to authorize the change.
4. On the **Security Settings** tab, click **Save**.

An "Edited successfully." message confirms that two-factor authentication is now off, and future sign-ins need only your email address and password.

:::caution
Turning 2FA off removes the second layer of protection, so from then on only your password stands between an attacker and your account. Leave 2FA on wherever you can, and re-enable it as soon as you finish whatever required it to be off.
:::
