# Two-Factor Authentication
Two-Factor Authentication (2FA) is an industry standard for multi-layered authentication. It requires two separate methods of verifying your identity by requesting something you know (ID and password) and something you have (an authenticator app on your phone). This provides an additional layer of security and ensures that no one else has access your Workato account.
# How it works
Set up 2 Factor Authentication (2FA) in 2 minutes
Upon logging in with your ID and password, Workato will request authentication through an authenticator app.
Workato requesting two-factor authentication
A unique verification code is generated for you whenever you login to your Workato account. It is a temporary 6-digit code that lets us know it is indeed you. Afterwards, the code will expire and cannot be reused.
# Choose an authenticator app
Workato allows authentication through mobile applications. Some common ones are:
- Google Authenticator (iOS (opens new window) or Android (opens new window))
- Authy (iOS (opens new window) or Android (opens new window))
- Microsoft Authenticator (iOS (opens new window) or Android (opens new window))
# Setup two-factor authentication
Let's go through the activation for two-factor authentication. You will need to be logged in to your Workato account and have your authenticator app (opens new window) ready. In this example, we will be using Google Authenticator.
Step | Description |
---|---|
1 |
Open Account Setting.![]() Profile dropdown |
2 |
Select Two-factor authentication > Setup two-factor authentication![]() Two-factor authentication disabled |
3 |
If prompted to verify your password, input your password and click verify password. Find out why here.![]() Verify your password |
4 |
Using Google authenticator, scan the QR code. Otherwise, you can register with the code provided .![]() Two-factor authentication setup |
5 |
Copy the 6-digit verification code from Google authenticator to the Workato setup.![]() Google authenticator unique verification code The Workato label and profile name lets you know that the connection between Google authenticator and Workato platform is functioning properly.![]() Confirming authenticator app with Workato account |
6 |
Save or download a copy of the recovery codes.![]() Recovery codes Remember to store them in a secure location. Find out more about recovery codes here. |
7 |
Done! You have completed the one-time setup of your Workato two-factor authentication.![]() Two-factor authentication enabled |
# Disable two-factor authentication
In certain situations, you would have to disable your two-factor authentication. For example, in the event of a stolen device or switching to a new work device.
Step | Description |
---|---|
1 |
Open Account Setting.![]() Profile dropdown |
2 |
Select Two-factor authentication > Disable two-factor authentication![]() Two-factor authentication This will remove the all trusted devices that were logged in with the authenticator app. |
3 |
If prompted to verify your password, input your password and click verify password. Find out why here.![]() Verify your password |
4 |
Click Disable 2FA.![]() Disable two-factor authentication |
# Recovery codes
Recovery codes are alphanumeric strings that are uniquely tied to your Workato account. You can use the recovery code to verify your identity in place of the 6-digit verification code. Every recovery code can be use only once.
Using recovery code
A list of 12 recovery codes are auto-generated at the two-factor authentication setup. You should store them in a secure location, preferably not in the same location as your authenticator app (i.e. not on your phone).
# Lost authentication device
If you deleted your app, changed, or lost your device (or security key), you can still access your Workato account. You can use a recovery code to perform two-factor authentication.
Upon logging in, you are advised to reset your two-factor authentication settings. By changing the two-factor authentication setting, you are preventing unwanted access to your account thru a stolen device. This also reconfigures two-factor authentication to your new device.
First, disable two-factor authentication. Next, setup two-factor authentication with your new device.
# Lost recovery codes
If you have not stored your recovery codes or have accidentally deleted them, you can retrieve them from your two-factor authentication setup.
To view your recovery codes, go to Account settings > Two-factor authentication > View recovery codes.
View recovery codes
You are advised to store them in a secure but accessible location.
# Generate new recovery codes
If you realized that you have misplaced your recovery codes, we advise that you generate a new set. Remember that other people can use the recovery codes to access to your Workato account!
You can also generate new recovery codes if they are depleting. Using the single-use recovery codes for two-factor authentication will reduce the total number of available codes. Generating a new set of recovery codes will ensure that you never get locked out of your Workato account.
Select Account settings > Two-factor authentication > View recovery codes > Regenerate recovery codes
Generate new recovery codes
# Trusted devices
You can temporarily disable two-factor authentication for trusted devices, like a secured work laptop. This allows the device to login without two-factor authentication for 30 days.
Select trust this device during the two-factor authentication process.
Trust this device for 30 days
Your trusted devices will appear on the two-factor authentication setting's page. You can revoke access to devices you do not recognize or to devices that are no longer in use.
Trusted devices
# Why verify password
When initiating changes in your account security settings, Workato will ask you for your password as an additional layer of authentication. This applies when making changes to your two-factor authentication configuration, which includes enabling two-factor authentication and viewing recovery codes.
Verify password
After you have verified your password, we will not ask again in the next 15 minutes.