Loading the new Help Center

How to enable two-factor authentication

Available for:
Free
Premium
Business

You want to feel safe and secure in everything you do in life, particularly when it comes to your personal data. That’s why we’ve implemented several security measures to make your Todoist account as safe as possible.

Read on to learn more!

Enable two-factor authentication

Two-factor authentication (also referred to as 2FA) adds an extra layer of security to your account by requiring you to use an authentication app when logging into your account.

If you don’t already have an authentication app (such as Authy or Google Authenticator) on your mobile device, make sure to install one first.

In order to use 2FA on your account, you’ll need to turn on the setting first. Here’s how:

  1. Log in to Todoist in a browser.
  2. Click your avatar in the top-right corner.
  3. Click Settings.
  4. Select Account in the left-hand menu.
  5. Click the toggle below Two-factor authentication.
  6. Scan or copy the secret code you see to your authentication app.
  7. Enter the verification code in Todoist, and you'll see Verification successful.
  8. Click Continue in the bottom-right corner.
  9. Scroll down to Save your recovery codes and click Copy all codes.
    • It’s very important that you save these codes in a secure place. If you ever get logged out of your account, you may need them to get back in.
  10. Click Continue in the bottom-right corner.
  1. In your Todoist app, tap the gear icon in the top-right corner.
  2. Select Account.
  3. Tap the Require 2FA toggle.
  4. Copy the secret code you see to your authentication app.
  5. Enter the verification code in Todoist.
  6. Tap Done in the top-right corner, and you'll see Verification successful.
  7. Scroll down to Save your recovery codes and tap Copy all codes.
    • It’s very important that you save these codes in a secure place. If you ever get logged out of your account, you may need them to get back in.
  8. Tap Done in the top-right corner.
  1. In your Todoist app, swipe up the bottom app bar to open the menu.
  2. Tap the gear icon in the top-right corner.
  3. Select Account.
  4. Tap the Two-factor authentication toggle.
  5. Copy the secret code you see to your authentication app.
  6. Enter the verification code in Todoist, and you'll see Verification successful.
  7. Scroll down to Save your recovery codes and tap Copy all codes.
    • It’s very important that you save these codes in a secure place. If you ever get logged out of your account, you may need them to get back in.
  8. Tap Done in the top-right corner.

2FA will now be enabled on your account.

Disable 2FA

  1. Log in to Todoist in a browser.
  2. Click your avatar in the top-right corner.
  3. Click Settings.
  4. Select Account in the left-hand menu.
  5. Scroll down to Two-factor authentication and toggle the setting Off.
  6. Enter a one-time passcode from your authentication app or one of your recovery codes.
  1. Tap the gear icon in the top-right corner of Todoist.
  2. Select Account.
  3. Use the toggle under Two-factor authentication to disable 2FA.
  4. Enter a one-time passcode from your authentication app or one of your recovery codes.
  1. In your Todoist app, swipe up the bottom app bar to open the menu.
  2. Tap the gear icon in the top-right corner.
  3. Select Account.
  4. Use the toggle to the right of Two-factor authentication to disable 2FA.
  5. Enter a one-time passcode from your authentication app or one of your recovery codes.

FAQ

What is a one-time passcode?

A one-time passcode is a six digit code generated by your authentication app. If you’ve enabled 2FA on your account, you’ll be prompted to use a one-time passcode for a variety of actions such as:

  • Logging in to your Todoist account.
  • Disabling 2FA.
  • Changing your email address in your Todoist account.
  • Downloading a backup of your account.
  • Deleting your Todoist account.

What is a recovery code?

Your recovery codes are unique to your account and can be used to gain access to your Todoist account if you’re no longer able to generate a one-time passcode (for example, if your mobile device breaks and you’re no longer able to log in to your authentication app).

Copy or generate new recovery codes

  1. Click your avatar in the top-right corner.
  2. Click Settings.
  3. Select Account in the left-hand menu.
  4. Scroll down to Two-factor authentication and click See your recovery codes.
  5. (Optional) If you want to replace your current codes, click Generate new codes.
  6. Click Copy all codes.
  1. Tap the gear icon in the top-right corner of Todoist.
  2. Select Settings.
  3. Select Recovery Codes.
  4. (Optional) If you want to replace your current codes, tap Generate new codes.
  5. Tap Copy all codes.
  1. In your Todoist app, swipe up the bottom app bar to open the menu.
  2. Tap the gear icon in the top-right corner.
  3. Select Account.
  4. Select Recovery Codes.
  5. (Optional) If you want to replace your current codes, tap Generate new codes.
  6. Tap Copy all codes.

Use a recovery code

  1. Start the login process like you normally would.
  2. When you get to the step where you get asked for an authentication code, select Go here to recover your account.
  3. Enter one of your active recovery codes.

I can't see a two-factor authentication setting in my account. What should I do?

Make sure you have no pending updates for Todoist. If you still can't see a two-factor authentication setting in your account, please try logging out of Todoist and back in again.

What authentication apps do you support?

We support the majority of popular authentication apps, such as Google Authenticator and Microsoft Authenticator.

I don't have access to my authentication app and my recovery codes. What should I do?

If you've lost access to both means of recovering your account, you won't be able to access your account anymore, unfortunately.

I still haven't verified my account. How do I do that?

This article will tell you how to verify your account.

Does Todoist 2FA support physical security keys?

At the moment, we only support authentication apps, but we hope to support security keys in the future.