You want to feel safe and secure in everything you do in life, particularly when it comes to your personal data. That’s why we’ve implemented several security measures to protect your Todoist account.
About two-factor authentication
Two-factor authentication or 2FA adds an extra layer of security to your account by requiring you to use a third-party authentication app when logging into your account.
After entering your account email address and password, Todoist will ask for a 6-digit one-time passcode. Your preferred third-party authentication app generates this passcode for you.
If you’ve enabled 2FA on your account, you’ll be prompted to use a one-time passcode for a variety of actions:
- Log in to your Todoist account
- Turn off 2FA
- Change your email address in your Todoist account
- Download a backup of your account
- Delete your Todoist account
- View your recovery codes
Todoist supports authentication apps installed on your mobile device. If you don’t already have an authentication app, like Authy or Google Authenticator, make sure to install one before setting up 2FA for your account.
Turn on two-factor authentication
- Log in to Todoist in a browser.
- Click your avatar in the top-right corner.
- Click Settings.
- Select Account in the left-hand menu.
- Click the toggle below Two-factor authentication.
- Scan or copy the secret code you see to your authentication app.
- Enter the verification code. You'll see a confirmation notice that verification is complete.
- Click Continue in the bottom-right side.
- Scroll down to Save your recovery codes and click Copy all codes.
- Click Continue.
- In your Todoist app, tap the gear icon in the top-right corner.
- Select Account.
- Tap the Require 2FA toggle.
- Copy the secret code you see to your authentication app.
- Enter the verification code in Todoist.
- Tap Done in the top-right corner, and you'll see Verification successful.
- Scroll down to Save your recovery codes and tap Copy all codes.
- Tap Done in the top-right corner.
- In your Todoist app, swipe up the bottom app bar to open the menu.
- Tap the gear icon in the top-right corner.
- Select Account.
- Tap the Two-factor authentication toggle.
- Copy the secret code you see to your authentication app.
- Enter the verification code in Todoist, and you'll see Verification successful.
- Scroll down to Save your recovery codes and tap Copy all codes.
- Tap Done in the top-right corner.
2FA is now enabled on your account. If you don’t see your 2FA settings, learn how to troubleshoot this issue.
Turn off two-factor authentication
- Log in to Todoist in a browser.
- Click your avatar in the top-right corner.
- Click Settings.
- Select Account in the left-hand menu.
- Scroll down to Two-factor authentication and toggle the setting Off.
- Enter a one-time passcode from your authentication app.
- Tap the gear icon in the top-right corner of Todoist.
- Select Account.
- Use the toggle under Two-factor authentication to disable 2FA.
- Enter a one-time passcode from your authentication app.
- In your Todoist app, swipe up the bottom app bar to open the menu.
- Tap the gear icon in the top-right corner.
- Select Account.
- Use the toggle to the right of Two-factor authentication to turn off 2FA.
- Enter a one-time passcode from your authentication app.
Get more help
If you’re having trouble setting up or using two-factor authentication for your Todoist account, learn how to troubleshoot issues with your 2FA setup.
Physical security keys for 2FA aren’t supported yet. Share this as a feature request.