# Two-factor authentication / MFA This section allows you to manage your login security settings, including enabling Two-Factor Authentication (MFA) and updating your account Password. #### Accessing Security Settings To configure these options: 1. Click on your **Profile Icon** in the navigation bar. 2. Select your **Profile**. 3. Navigate to the **Security** tab. #### Enabling Two-Factor Authentication (MFA) ITOC360 supports two robust methods for MFA. Enabling either method adds an extra layer of security, requiring both your password and a unique verification code to log in. **Option 1: TOTP (Authenticator App) - *****Recommended*** Time-based One-Time Passwords (TOTP) generate a code that refreshes every 30 seconds via a mobile app. This method works even without cellular signal. 1. In the **Security** tab, locate the MFA section. 2. Select **TOTP** as your method. 3. A QR Code will appear on the screen. 4. Open your preferred authenticator app (e.g., Google Authenticator, Microsoft Authenticator, Authy) on your mobile device. 5. Scan the QR code with the app. 6. Enter the 6-digit code displayed in your app into ITOC360 to verify and activate the setup. **Option 2: SMS Authentication** Receive verification codes directly to your mobile phone via text message. 1. In the **Security** tab, select **SMS** as your MFA method. 2. Enter your mobile phone number (including country code). 3. Click **Send Code**. 4. Enter the verification code sent to your phone to confirm and activate SMS MFA. > **Note:** The phone number used for MFA is for login security only. It does not automatically register this number as a "Channel" for incident alerts. You must configure alerts separately in the *Channels* menu. #### Changing Your Password You can also update your login credentials directly from the **Security** dashboard. 1. Navigate to the **Change Password** section. 2. **Current Password:** Enter your existing password to verify your identity. 3. **New Password:** Enter your new, strong password. 4. **Confirm Password:** Re-enter the new password to prevent typos. 5. Click **Save** to finalize the change. > Security Tip: We recommend using a password manager and creating a password with a mix of uppercase letters, lowercase letters, numbers, and symbols. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.itoc360.com/users-and-access-management/two-factor-authentication-mfa.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.