# Two-Factor Authentication Users can enable two-factor authentication for their accounts in the `/account/2fa` view**.** Once enabled, the user will be presented with a QR code that they can scan using their authenticator app of choice, such as Google Authenticator. {% hint style="info" %} The user's secret (and QR code) is shared across all of their accounts, they don't need to scan a new code for each account they belong to or own. If 2FA is disabled and then re-enabled, they will need to scan the new QR code. {% endhint %} 2FA works with all the Gravity login flows: * username and password * magic links * social sign-ons Once a user has signed has completed the first-factor authentication using one of these methods, they will be prompted to enter OTP (verification code) from their authenticator app. This screen has a time-sensitive token (5 mins) created during the first step; this prevents a user from bypassing the first step in the auth flow without a token. ### Setting Your App Name In The Authenticator Apps To show your application name in the user's authenticator app, simply set the `APP_NAME` env var to the name of your application. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.usegravity.app/gravity-server/authentication/2fa-authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.