# Set up 2FA in BuildingPro Suites ## What is TOTP? **TOTP** stands for *Time-based One-Time Password*. It is a time-limited one-time password that is newly generated every 30 seconds. Authentication is performed via an app on your smartphone (e.g., *Google Authenticator*, *Authy*) and ensures that only you have access to your user account—even if someone knows your password. ### **Advantages of TOTP/2FA:** * Higher security for sensitive project data * Protection against unauthorized access * One-time passwords also work offline ## Activate Two-Factor Authentication (TOTP)

**How to start the setup:** 1. Click on the user profile in the top right \[A] 2. Click on the gear in the dropdown menu \[B] 3. In the *Profile* section, activate the switch \[C] ▷ The setup for TOTP-based two-factor authentication begins ### Turn on OTP/2FA

After clicking the switch to activate two-factor authentication, the configuration window opens. **1. Connect Authenticator App** * Scan the **QR code** with an OTP-compatible app (e.g., *Google Authenticator* or *Authy*) * Alternatively: Copy the displayed **setup code** and manually paste it into your app **2. Confirm OTP Code** * Enter a **currently generated code** from your authenticator app into the *OTP Code* field * You have **120 seconds** for this step * Click **Next** to proceed {% hint style="info" %} If the time has expired, restart the process by reactivating OTP/2FA. {% endhint %} ### Save Recovery Codes

After successfully activating two-factor authentication, ten recovery codes are displayed once. These codes serve as a backup in case you lose access to your authenticator app. * Each code can be used **only once** * The codes allow you to log in or reset your 2FA * Save the codes securely in a protected location To proceed, you must confirm that you have saved the codes. To do this, activate the checkbox and click **Confirm**. If you lose the codes, access to your account can only be restored by an administrator. *** ## Login with OTP Code

If OTP/2FA is activated, you must authenticate with a one-time password (OTP) from your authenticator app when logging in. * Open your authenticator app and enter the current 6-digit code * You have 60 seconds to enter the code * Click **Verify** to complete the login If you do not have access to the app, you can use one of your **recovery codes**. If the code is invalid or the time has expired, restart the login process. **Problems with login?** * Make sure your device's time and time zone are set correctly * If necessary, use one of your saved recovery codes * If access is permanently impossible, contact your project administration *** ## Deactivate OTP/2FA

1. Go back to your profile 2. Deactivate the **OTP/2FA** switch 3. To confirm: * Enter a valid OTP code 4. Click **"Confirm and Deactivate"** ▷ Two-factor authentication will be removed