Enabling two-factor authentication (2FA) adds an extra layer of security to help protect your financial data. This adds a secondary login step using a code generated by an authenticator app like Google Authenticator or Microsoft Authenticator.

How Two-Factor Authentication Works

After entering your login email and magic code, Expensify will prompt you for a 6-digit verification code generated by your authenticator app, such as Google Authenticator, Microsoft Authenticator, or Authy. Each code is time-based and refreshes every few seconds, ensuring that no code is ever reused. If the code expires, simply open the app to get a new one.

How to Enable Two-Factor Authentication in Expensify

1. In the left-hand menu, tap Account > Security.
2. Under Security options, tap Two-Factor Authentication.
3. Follow the prompts to enable 2FA.
4. Save your backup codes—these are essential for account recovery.
   • Tap Download to save the codes to your device.
   • Tap Copy to paste the codes into a secure location.
5. Tap Next.
6. Open your authenticator app and connect it to Expensify by:
   • Scanning the QR code, or
   • Entering the setup code manually.
7. Enter the 6-digit verification code and tap Verify.

What to Expect When Logging In

Once 2FA is enabled, logging in will require two steps:

1. Enter the magic code sent to your email.
2. Open your authenticator app and enter the 6-digit verification code. The code refreshes every few seconds, so use the most recent one available.

Recovery Codes

Backup recovery codes allow you to log in to Expensify if you lose access to your authenticator app.

Each recovery code works like a one-time password. You’ll receive several unique codes when setting up 2FA—make sure to:

• Store them in a safe, offline location (such as a secure document or password manager).
• Never share your codes with anyone.
• Use each code only once—after it’s used, it becomes inactive.

If you lose your authenticator app and don’t have access to your recovery codes, you’ll need to contact Expensify support to verify your identity and regain access to your account.

FAQ

Why should I use 2FA?

2FA significantly reduces the chance of unauthorized account access, even if someone obtains your login email or password. It’s a simple but powerful tool for protecting sensitive financial data.

What happens if I lose my phone or uninstall the authenticator app?

Log in using one of your backup recovery codes. Then, disable 2FA and set it up again with your new device or app.

Can I use 2FA on more than one device?

Yes. When setting up 2FA, you can scan the QR code with multiple devices (like your phone and tablet) to generate codes from both.

What if my verification code isn’t working?

Make sure your device’s clock is set to the correct time. Authenticator apps rely on time-based tokens, so an inaccurate device clock can cause errors.