Two-factor authentication significantly enhances security by adding an extra layer of protection, making it difficult for somebody else to sign in as you. When end users turn on two-factor authentication in their help center profile, they will be asked to enter a passcode after entering their password when signing in. End users can get the passcode from a two-factor authentication app installed on their mobile device.
If you are an agent, see Using two-factor authentication to sign in to Zendesk Support to learn how to turn on two-factor authentication in the Zendesk Support agent interface.
This article covers the following topics:
- Turning on two-factor authentication
- Changing how often you enter a passcode
- Turning off two-factor authentication
- Using and getting more recovery codes
Related articles:
Turning on two-factor authentication
Install a two-factor authentication app on your mobile device before turning on two-factor authentication in your help center profile. Two-factor authentication apps include Google Authenticator, Authy, Symantec VIP, and Duo Mobile. The app displays a valid passcode on the opening screen. You typically get 30 seconds to use it before it expires, then the app displays a new passcode.
By default, you only have to enter a passcode once every 30 days. You can choose to enter a passcode every time you sign in.
- Click your profile icon on the upper-right side of any help center page, then click Profile to display your profile.
- Click Edit profile.
- Click Manage 2FA.
- Click Set up 2FA.
- Click Next to confirm you've installed an authenticator app on your mobile device.
You are directed to the Connect your 2FA method step.
- Start the two-factor authentication app on your device, select the option to add an entry, and point your device's camera at the QR code (the blocky square) on the help center dialog in your browser window.
The mobile app might refer to this action as Scan Barcode.
The app should automatically scan the QR code and generate a passcode. If you have trouble scanning the QR code, you can manually enter the secret key that's provided.
Note: Scanning the barcode is a one-time-only step. - Enter the 6-digit passcode generated by the app, then click Save.
Your recovery codes display after clicking Verify.
- Click Copy recovery codes to copy the codes to your clipboard, then paste them somewhere safe. If you lose your phone or can't access your device, the recovery codes are the only way to access your account again.
- Click Done.
From now on, when you sign in, you can get a valid passcode by simply opening a two-factor authentication app on your device. The app displays a valid passcode on the opening screen. You typically get 30 seconds to use it before it expires, then the app displays a new passcode.
The app doesn't need an internet connection to display valid passcodes.
Changing how often you enter a passcode
By default, you only have to enter a passcode once every 30 days. You'll always be asked for a passcode when you sign in from a different device for the first time.
To enter a passcode every time you sign in, uncheck the Don't ask again on this computer for 30 days option on the dialog that prompts you for a passcode.
Turning off two-factor authentication
You can turn off two-factor authentication anytime from your help center profile.
- Click your profile icon on the upper-right side of any help center page, then click Profile to display your profile.
- Click Edit profile.
- Click Manage 2FA.
- Click Turn off 2FA.
Using and getting more recovery codes
If you lose your phone or can't access your device, you can use one of your recovery codes to access your account again. When prompted for a passcode at sign-in, enter one of your recovery codes. You can only use each code once.
After you're signed in, you can get another set of recovery codes from your user profile page by turning off two-factor authentication and then turning it on again.