---
title: İki Aşamalı Doğrulama
title_en: Two-Factor Authentication
order: 30
product: back-office
section_tr: Yönetici Ayarları
section_en: Admin Settings
cardImage: /img/bo/admin-settings/9-1-2/lllqc1s99cigahwx-embedded-image-mx83bimh-425abf8d.webp
---
# Two-Factor Authentication

Use this page to configure and validate 2FA for admin sign-in security.

## Interface Reference

![Two-Factor Authentication](/img/bo/admin-settings/9-1-2/lllqc1s99cigahwx-embedded-image-mx83bimh-425abf8d.webp)

## Purpose

- Protect admin access beyond password-only login.
- Reduce account takeover risk.
- Enforce compliance for privileged users.

## Enable/Update Flow

1. Open **Admin Settings > Two-Factor Authentication**.
2. Choose preferred method (authenticator app, OTP channel, if available).
3. Complete setup verification code.
4. Save and confirm 2FA status is active.
5. Test one fresh login.

## Recovery and Safety Controls

- Store backup/recovery codes securely.
- Keep device time synchronized for OTP validity.
- Rotate device binding if mobile device changes.

## Validation Checklist

- 2FA prompt appears at next login.
- Invalid OTP attempts are blocked.
- Backup/recovery path works for authorized user.

## Troubleshooting

- **OTP rejected repeatedly**: sync device time and request new code.
- **No 2FA prompt**: verify enforcement policy for current role.
- **Device lost**: trigger recovery flow via authorized admin process.

## Best Practice

Require 2FA for all admin roles and audit exceptions monthly.