Two-factor authentication adds an extra layer of security by allowing users to enter a one-time code, based on TOTP, in addition to their username and password when they log in.
By default, users can individually choose to enable two-factor authentication. Administrators can make two-factor authentication mandatory for all users in JackDB Enterprise.
If you lose your authenticator, or can't use the codes generated by your mobile application, you can print or save a set of one-time use backup recovery codes. After using a recovery code to log in, it becomes inactive and can't be used again.
You'll need to verify your password before generating a new set of recovery codes.