# Two-factor authentication

## 1. Explanation: Understanding 2FA

This section explains the concepts behind authentication and why a second layer of security is necessary.

### Authentication vs. authorization

* **Authentication** verifies *who you are*.
* **Authorization** determines *what resources you can access* after your identity is confirmed.

### Why use 2FA?

Standard password-based authentication is vulnerable to brute-force attacks, phishing, and man-in-the-middle exploits. **Two-Factor Authentication (2FA)** is a type of Multi-Factor Authentication (MFA) that requires two different types of evidence to grant access. These factors usually fall into three categories:

1. **Something you know:** A password or PIN.
2. **Something you have:** A smartphone or a secure USB key.
3. **Something you are:** Biometrics like fingerprints or facial recognition.

By requiring a physical device (something you have) in addition to a password, 2FA ensures that even if an attacker steals your credentials, they cannot access your account without your secondary device.

***

## 2. Tutorial: Set up your first authenticator

Follow these steps to set up 2FA for the first time using a mobile application.

1. **Download an app:** Install either **FreeOTP** or **Google Authenticator** from your mobile device's app store.
2. **Log in:** Access your account on your computer. If 2FA has been enabled for your account by an admin, you will be prompted with a setup screen.
3. **Scan the QR code:** Open your chosen authenticator app, select the option to "Add a code" (usually a `+` icon), and point your camera at the QR code displayed on your computer screen.
4. **Verify the code:** The app will generate a 6-digit code. Type this code into the login screen on your computer and click **Submit**.
5. **Success:** Your account is now linked to your mobile device.

***

## 3. How-to guides: Managing 2FA

Practical steps for administrative and configuration tasks.

### How to enable 2FA for a user (Admin)

If you have administrative privileges, you can enforce 2FA for specific users:

1. Click the **drop-up menu** at the bottom-left corner (your profile name).
2. Select **Users** from the menu.
3. Locate the specific user in the list.
4. Click the **kebab menu** (three vertical dots) next to the user's name.
5. Select **Enable Two-Factor Authentication**.
6. Click **OK** on the confirmation prompt.

### How to manually configure an app

If your camera cannot scan the QR code, you can enter the details manually in your authenticator app using the parameters found in the **Reference** section below.

***

## 4. Reference: Technical specifications

Detailed technical data for manual configuration and app comparison.

### Supported authenticator apps

| App                      | Developer | License     | Platform     |
| ------------------------ | --------- | ----------- | ------------ |
| **FreeOTP**              | Red Hat   | Open Source | Android, iOS |
| **Google Authenticator** | Google    | Proprietary | Android, iOS |

### TOTP configuration parameters

If manual entry is required, use the following Time-Based One-Time Password (TOTP) settings:

* **Type:** Time-based
* **Algorithm:** SHA1
* **Digits:** 6
* **Interval:** 30 seconds
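
To show what these four settings produce, the following added example (not Zenskar's code) computes and checks a code per RFC 6238 with SHA1, 6 digits, and a 30-second interval. The function names, the one-step drift window, and the use of the RFC 6238 published test secret are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

DIGITS = 6      # "Digits: 6" from the list above
INTERVAL = 30   # "Interval: 30 seconds" from the list above


def totp(secret_b32, at=None):
    """Return the code for the 30-second step that contains Unix time `at`."""
    # Authenticator apps take the secret as base32; tolerate spaces,
    # lower case and missing padding from manual entry.
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = int(time.time() if at is None else at) // INTERVAL
    # "Algorithm: SHA1" -> HMAC-SHA1 over the 8-byte big-endian step counter.
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)  # keep leading zeros


def verify(secret_b32, submitted, at=None, drift_steps=1):
    """Accept the current step and +/- drift_steps (assumed clock-skew window)."""
    now = time.time() if at is None else at
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, now + step * INTERVAL)
        # Constant-time comparison, and no early exit from the loop.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


# Constructed sample input: the published RFC 6238 SHA-1 test secret,
# base32-encoded the way it would be typed into an app. Not a real secret.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    print("code at t=59:", totp(RFC_SECRET, 59))
    print("accepted one step late:", verify(RFC_SECRET, totp(RFC_SECRET, 59), at=89))
```

A wider drift window tolerates more clock skew on the phone but lengthens the time a captured code stays usable.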

***

