Setting Up & Managing Two-Factor Authentication (2FA)

⚡ What is Two-Factor Authentication (2FA)? 

Two-Factor Authentication (2FA) adds an extra layer of security to your account by requiring a second form of verification when logging in.

In addition to entering your username and password, you’ll also be required to enter a temporary verification code generated by an authenticator app on your mobile device.

This helps protect your account even if your password becomes compromised.

💡 | Tip: We strongly recommend enabling 2FA for all administrator accounts, especially those with payroll access or access to sensitive employee information.

🔎 Why Use Two-Factor Authentication?

Here are some common reasons users enable Two-Factor Authentication (2FA):

• Additional account protection: Add an extra layer of security beyond just a password to help prevent unauthorized access to your account.
• Protect sensitive business information: Help secure payroll data, employee records, schedules, and other important company information stored in your account.
• Proactive security practices: Reduce the risk of unauthorized access by requiring verification from a trusted device during login.
• Stronger team-wide security:  Support safer account access across your organization, especially for administrator users.

🔐 Access required

Two-Factor Authentication (2FA) is available across all subscription plans and can be enabled by any user with login access to the platform.

Who can manage 2FA?

• Super Administrators: Can enable or disable 2FA for their own account and request assistance from our Support Team to disable 2FA for either their own account or other users on the account if needed.
• Team Administrators: Can enable or disable 2FA for their own account and request assistance from our Support Team to disable 2FA for their own account.
• Employees: Can enable or disable 2FA for their own account and request assistance from our Support Team to disable 2FA for their own account.

📋 Topics covered in this article:

• Downloading Supported Authenticator Apps
• Enabling Two-Factor Authentication (2FA)
• Disabling Two-Factor Authentication (2FA)
• Recovering Access to an Account with Two-Factor Authentication (2FA) Enabled
• Frequently Asked Questions

📚 Related articles:

• I Forgot My Password. How Do I Reset It?

Downloading Supported Authenticator Apps

Before Two-Factor Authentication (2FA) can be enabled on your account, an authenticator app must be installed on a trusted device (e.g., a mobile device).

Authenticator apps generate temporary verification codes used during login to confirm your identity and help protect your account from unauthorized access.

Setting up the authenticator app is the first step in the 2FA setup process. Once the app is installed and ready to generate authentication codes, 2FA can then be enabled within Push.

📌 | Note: If this step is missed and 2FA is enabled, you will be locked out of your account because no verification code will be connected to your account.

We recommend either of the following two options :

• Google Authenticator: Google Play Store or iTunes
• Authy: Google Play Store or iTunes

💡 | Tip: When enabling 2FA, you will be prompted to scan a unique QR code using your authenticator app to complete the connection. Ensure the trusted mobile device being used has access to a camera.

Enabling Two-Factor Authentication (2FA)

Once your authenticator app is installed and ready to generate authentication codes, you can enable 2FA directly in your account.

Once enabled, Two-Factor Authentication will immediately begin protecting your account by requiring both your password and a temporary authentication code during login.

1. Log in to your account on a desktop.
2. Click the Company name in the top right-hand corner.
3. In the drop-down menu, click your profile/name.
4. On the left-hand navigation bar, select Two Factor Security.
5. The page will load to the Two-Factor Authentication Setup. 
6. Under Two-Factor Authentication is Currently DISABLED, click Enable.
7. In the line box, enter your password for your account and once completed, click Submit.
8. Open the authenticator app and scan the unique QR code from your account.
9. Once scanned, a 6-digit code will appear on your authenticator app.
10. Enter the 6-digit code in the line box of your account.
11. Once completed, click Submit to enable 2FA, and you're done! 
12. The Two-Factor Authentication Setup page should state Two-Factor Authentication is Currently ENABLED. 

Disabling Two-Factor Authentication (2FA)

There may be situations where you need to disable Two-Factor Authentication, such as when replacing a mobile device, changing authenticator apps, troubleshooting account access issues, or removing the additional login verification requirement from your account.

Disabling 2FA removes the additional verification step during login, reverting your account to using only a username and password for authentication.

📌 | Note: Before disabling 2FA, ensure you still have access to your authenticator app and current verification code, as this code is required during the disable process.

1. Log in to your account on a desktop.
2. Click the Company name in the top right-hand corner.
3. In the drop-down menu, click your profile/name.
4. On the left-hand navigation bar, click Two Factor Security.
5. Under Two-Factor Authentication is Currently ENABLED, click Disable.
6. Under Enter your current two-factor authentication code, enter the 6-digit code from your Authenticator app.
7. Once done, click Submit.
8. The Two-Factor Authentication Setup page should state Two-Factor Authentication is Currently DISABLED. 

Recovering Access to an Account with 2FA Enabled

In the event that you can no longer access an account where Two-Factor Authentication (2FA) is enabled, assistance from our Support Team may be required to help restore account access.

This most commonly occurs when:

• Replacing or resetting a mobile device before transferring authenticator app information
• Losing access to a trusted device connected to an authenticator app
• Removing or reinstalling an authenticator app before transferring verification codes
• Enabling 2FA before properly setting up an authenticator app

To request that 2FA be removed so access to the account can be restored, please contact our Support Team using the information below.

• Email: support@pushoperations.com.
• Subject line: 2FA Reset or Disable Request.
• Include: Full name, email address associated with the affected Push account, company name, and the reason access was lost

📌 | Note: Super Administrators may submit requests on behalf of another user; however, the affected user’s email address must be included on the request for verification purposes.

⚠️ | Important: Our team may request additional information to verify your identity before changes can be made to your account.

Frequently Asked Questions About 2FA

The following section covers common questions about Two-Factor Authentication setup, login verification, device changes, and account recovery.

Q: Is 2FA mandatory?
A: : At this time, Two-Factor Authentication (2FA) is strongly recommended but not mandatory.

Enabling 2FA helps provide additional protection for your account and reduces the risk of unauthorized access to sensitive company information.

As account security requirements continue to evolve, 2FA requirements and enforcement policies may change in the future.

Q: How often will I need to enter a verification code?
A: Verification codes may not be required during every login attempt on the same trusted browser or device.

However, the platform may request a new verification code when:

• Logging in from a new browser or device
• Browser cookies or cache have been cleared
• Browser history has been cleared
• The trusted login session has expired

Trusted login sessions generally remain active for up to 15 days on the same browser/device combination.

Q: Why am I seeing a pop-up asking me to set up 2FA?
A: Some administrator users, especially those with payroll-related access, may receive reminders encouraging them to enable 2FA to help improve account security.

This can be skipped temporarily if you wish complete at a later time. For setup instructions, refer to the Enabling Two-Factor Authentication (2FA) section of this article.

Q: What happens if I lose my phone or get a new device?
A: Before replacing or resetting your device, review whether your authenticator app supports backup, synchronization, or device transfer options.

Many authenticator apps allow verification codes to be restored or transferred to a new device to help avoid interruptions to account access.

Please review your authenticator app’s Help Center documentation for the latest information on backing up, synchronizing, transferring, and restoring verification codes across devices.

For convenience, here are direct links to Authy, Google Authenticator, and Microsoft Authenticator resources.

If you prefer not to use backup or synchronization features, another option is to disable 2FA before replacing your device and then re-enable it once your new device has been configured.

If access to your authenticator app is lost before codes are transferred, refer to the Recovering Access to an Account with 2FA Enabled section of this article for next steps.

Q: Do I need to use Google Authenticator or Authy?
A: No, our platform supports most standard authenticator applications capable of generating time-based verification codes. However, Google Authenticator and Authy are the two apps most commonly recommended.

Q: Can employees contact Support for help with 2FA access issues?
A: Yes. While our Support Team does not typically provide direct account support for employee-level users, exceptions are made for Two-Factor Authentication (2FA) recovery requests.

If access to the account has been lost, refer to the Recovering Access to an Account with 2FA Enabled section of this article for the required recovery request process.

Q: Can Push Support give me my verification code?
A: No. Our Support Team cannot access or provide verification codes associated with your personal authenticator apps. 

Q: What should I do if I accidentally enabled 2FA before setting up an authenticator app?
A: If 2FA was enabled before an authenticator app was properly configured, you may become locked out of the account because no verification code will be available during login.

If this occurs, refer to the Recovering Access to an Account with 2FA Enabled section of this article for instructions on requesting assistance from our Support Team.

Q: What other steps can help improve account security?
A:  In addition to enabling Two-Factor Authentication (2FA), we recommend reviewing your account’s session timeout settings to help reduce the risk of unauthorized access on unattended or shared devices.

Session timeout settings automatically log users out after a period of inactivity.

Additional Information