# Two-factor authentication / MFA

This section allows you to manage your login security settings, including enabling Two-Factor Authentication (MFA) and updating your account Password.

#### Accessing Security Settings

To configure these options:

1. Click on your **Profile Icon** in the navigation bar.
2. Select your **Profile**.
3. Navigate to the **Security** tab.

#### Enabling Two-Factor Authentication (MFA)

ITOC360 supports two robust methods for MFA. Enabling either method adds an extra layer of security, requiring both your password and a unique verification code to log in.

**Option 1: TOTP (Authenticator App) -&#x20;*****Recommended***

Time-based One-Time Passwords (TOTP) generate a code that refreshes every 30 seconds via a mobile app. This method works even without cellular signal.

1. In the **Security** tab, locate the MFA section.
2. Select **TOTP** as your method.
3. A QR Code will appear on the screen.
4. Open your preferred authenticator app (e.g., Google Authenticator, Microsoft Authenticator, Authy) on your mobile device.
5. Scan the QR code with the app.
6. Enter the 6-digit code displayed in your app into ITOC360 to verify and activate the setup.

**Option 2: SMS Authentication**

Receive verification codes directly to your mobile phone via text message.

1. In the **Security** tab, select **SMS** as your MFA method.
2. Enter your mobile phone number (including country code).
3. Click **Send Code**.
4. Enter the verification code sent to your phone to confirm and activate SMS MFA.

> **Note:** The phone number used for MFA is for login security only. It does not automatically register this number as a "Channel" for incident alerts. You must configure alerts separately in the *Channels* menu.

#### Changing Your Password

You can also update your login credentials directly from the **Security** dashboard.

1. Navigate to the **Change Password** section.
2. **Current Password:** Enter your existing password to verify your identity.
3. **New Password:** Enter your new, strong password.
4. **Confirm Password:** Re-enter the new password to prevent typos.
5. Click **Save** to finalize the change.

> Security Tip: We recommend using a password manager and creating a password with a mix of uppercase letters, lowercase letters, numbers, and symbols.