# How to enable two-factor authentication at the Hideez Enterprise Server?
{% hint style="info" %}
This guide explains how to enable two-factor OTP (One-Time Password) authentication for accessing the Hideez Enterprise Server (HES) web interface. To enable OTP for other websites, you must configure the appropriate settings on those sites.
{% endhint %}
***
### **Enabling 2FA for Admin Accounts**
#### **Step 1:**
In the top-right corner of the window, click on the **profile icon** and select **Profile** from the drop-down list.
#### **Step 2:**
In the Profile section, go to **One-Time Password** and click on the **Add OTP App** button.
#### **Step 3:**
Follow the on-screen instructions to set up 2FA.
You can use [**Hideez Authenticator**](/hideez-authenticator-app/quick-overview.md) as the OTP generation application.
#### **Step 4:**
After successfully enabling two-factor authentication, you will be prompted to save your **recovery codes**. You will receive 10 recovery codes, each consisting of 8 characters. These can be used in case you are unable to generate an OTP code.
{% hint style="warning" %}
**Important:** Save these recovery codes in a secure place.
{% endhint %}
Two-factor authentication is now configured, and you can use it with your OTP application.
***
### **Using Hideez Key for OTP Generation**
If you want to use the [**Hideez Key** to generate OTPs](/use-cases/hideez-key/password-manager-and-otp-generator.md#enabling-otp-input-for-your-accounts), when creating your admin account, enter the **Secret Key** provided during the OTP setup in the corresponding field.
The **Secret Key** is a 32-character value provided in **Step 3**.
\
[Learn more about creating accounts via Hideez Client](/hideez-client-app/account-management/account-creation.md). \
[Learn more about creating accounts on HES](/hideez-enterprise-server/accounts/how-to-work-with-personal-employee-accounts.md). \
[How to enter credentials with the Hideez key](/hideez-key-enterprise-edition/how-to-enter-credentials-with-hideez-key.md).
***
### **Disabling 2FA on HES**
#### **Step 1:**
Go to the **Profile** tab and locate the **One-Time Password** section. Click **Disable 2FA**.
#### **Step 2:**
Confirm the action to disable two-factor authentication.
{% hint style="info" %}
Two-factor authentication is now disabled, but you can enable it again at any time.
{% endhint %}
***
### **Resetting Recovery Codes**
When you disable and then re-enable 2FA, your recovery codes will be reset.
{% hint style="info" %}
**Note:** If you reset the OTP app without disabling 2FA, the recovery codes will **not** be reset.
{% endhint %}
***
### **Logging In with a Recovery Code**
If you cannot enter the OTP code during login, you can use a recovery code.
#### **Step 1:**
Enter your login and password.
#### **Step 2:**
Click on the **One-Time Password** button.
#### **Step 3:**
Click **Log in with a recovery code**.
#### **Step 4:**
Enter one of your previously saved recovery codes and click **Login**.
***
{% hint style="info" %}
This completes the setup and usage guide for two-factor authentication on Hideez Enterprise Server.
{% endhint %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://enterprise.hideez.com/hideez-enterprise-server/administration/how-to-enable-two-factor-authentication-at-hideez-enterprise-server.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.