Two-Factor Authentication

Add an extra layer of security to your Toolfy account with two-factor authentication (2FA).

What is Two-Factor Authentication?

Two-factor authentication (2FA) adds an extra security step when logging into your account. Even if someone knows your password, they'll need access to your phone or authenticator app to get in.

Why Use 2FA?

• Protect customer data: Keep sensitive customer information secure
• Financial security: Protect payment and invoice data
• Business continuity: Prevent unauthorized access to your schedule
• Compliance: Meet security requirements for some industries
• Peace of mind: Sleep better knowing your account is protected

Enabling Two-Factor Authentication

Step-by-Step Setup

1. Go to Settings → Account Security
2. Click "Enable Two-Factor Authentication"
3. Choose your 2FA method (SMS or Authenticator App)
4. Follow the setup instructions for your chosen method
5. Save your recovery codes in a safe place
6. Test your 2FA setup by logging out and back in

2FA Methods Available

SMS Text Messages

• Easy setup: Just enter your phone number
• Convenient: No extra apps needed
• Quick codes: 6-digit codes sent instantly
• Limitations: Requires mobile signal

Setting Up SMS 2FA

1. Select "SMS Text Message" as your 2FA method
2. Enter your mobile phone number
3. Click "Send Test Code"
4. Enter the 6-digit code you receive
5. Confirm setup and save your recovery codes

Authenticator Apps (Recommended)

• More secure: Codes generated locally on your device
• Works offline: No internet required for codes
• Multiple devices: Set up on phone and backup device
• Industry standard: Works with Google, Microsoft, etc.

Recommended Authenticator Apps

• Google Authenticator: Free, simple, reliable
• Microsoft Authenticator: Free, cloud backup available
• Authy: Free, multi-device sync
• 1Password: Integrated with password manager

Setting Up Authenticator App

1. Install an authenticator app on your phone
2. Select "Authenticator App" as your 2FA method
3. Scan the QR code with your authenticator app
4. Enter the 6-digit code from your app
5. Confirm setup and save your recovery codes

Recovery Codes

What Are Recovery Codes?

Recovery codes are one-time use backup codes that let you access your account if you lose access to your 2FA method. Each code can only be used once.

Storing Recovery Codes Safely

• Print them out: Keep a physical copy in a safe place
• Password manager: Store in your password manager
• Secure note: Save in encrypted notes app
• Multiple locations: Keep copies in different places
• Don't screenshot: Avoid storing as images on devices

Using Recovery Codes

1. Go to the Toolfy login page
2. Enter your email and password
3. When prompted for 2FA code, click "Use recovery code"
4. Enter one of your unused recovery codes
5. Complete login and consider setting up 2FA again

Daily Use of 2FA

Logging In with 2FA

1. Enter your email and password as usual
2. You'll be prompted for your 2FA code
3. Open your authenticator app or check SMS
4. Enter the 6-digit code
5. Click "Verify" to complete login

Stay Logged In Options

• "Remember this device": Skip 2FA for 30 days on trusted devices
• Browser settings: Keep session active
• Mobile app: Biometric login after initial 2FA setup

Managing Your 2FA Settings

Changing 2FA Methods

1. Go to Settings → Account Security
2. Click "Change 2FA Method"
3. Enter current 2FA code to confirm
4. Select new method (SMS or Authenticator)
5. Complete setup for new method
6. Generate new recovery codes

Updating Phone Number

1. Go to Settings → Account Security
2. Click "Update Phone Number"
3. Enter current 2FA code
4. Add new phone number
5. Verify new number with test code

Team Member 2FA

Requiring 2FA for Team

Business owners can require all team members to use 2FA:

1. Go to Settings → Team Security
2. Enable "Require 2FA for all team members"
3. Set deadline for team to enable 2FA
4. Team members get email notification
5. Non-compliant accounts locked until 2FA enabled

Helping Team Members

• Provide guidance: Share this help article
• Choose method together: Help them pick SMS or app
• Test together: Walk through login process
• Recovery planning: Ensure they save recovery codes

Troubleshooting 2FA

Not Receiving SMS Codes

• Check signal: Ensure good mobile reception
• Wait a moment: SMS can take up to 2 minutes
• Check spam: Some carriers filter SMS
• Try again: Request new code
• Use recovery code: If SMS continues failing

Authenticator App Issues

• Time sync: Ensure device time is correct
• Update app: Make sure authenticator app is current
• Re-add account: Remove and re-scan QR code
• Try different app: Switch to another authenticator

Lost Access to 2FA Device

1. Use recovery codes: Enter a saved recovery code
2. Contact support: If no recovery codes available
3. Identity verification: Prove account ownership
4. Account recovery: Support will help regain access
5. Set up new 2FA: Configure 2FA on new device

Account Recovery Process

When to Contact Support

• Lost device: Phone stolen or broken
• No recovery codes: Never saved or lost them
• Changed phone number: New number not updated
• App issues: Authenticator app not working

Information Needed for Recovery

• Account email: Email address for your Toolfy account
• Business information: Company name and address
• Recent activity: Recent invoices or jobs created
• Payment information: Last payment method used
• Identity proof: Driver's license or business documents

Best Practices

Security Tips

• Use authenticator apps: More secure than SMS when possible
• Multiple devices: Set up authenticator on phone and tablet
• Regular backups: Keep recovery codes updated and safe
• Don't share codes: Never give 2FA codes to anyone
• Log out when done: Especially on shared computers

Business Security

• Require for all users: Enable organization-wide 2FA
• Regular review: Check who has 2FA enabled
• Recovery planning: Have backup plans for each team member
• Security training: Educate team about 2FA importance

Disabling 2FA

When You Might Disable 2FA

• Switching methods: Temporarily during method change
• Technical issues: Persistent problems with current setup
• Account recovery: As part of support-assisted recovery

How to Disable 2FA

1. Go to Settings → Account Security
2. Click "Disable Two-Factor Authentication"
3. Enter current password
4. Enter current 2FA code
5. Confirm you want to disable 2FA