To keep your account secure, we support Two-Factor Authentication (2FA).

• 2FA is enabled for the professional forever
  

• This is not possible, when 2FA is enabled for a professional it is on forever.
  

• 2FA is enabled for all existing professionals in the firm.

• Any new joiners to the firm will have 2FA automatically enabled.

• Any professionals leaving the firm keep 2FA enabled. They may disable it, unless their network still requires it.

• Existing professionals keep 2FA enabled.

• New professionals joining will retain their current 2FA setting:

  • 2FA is enabled if either the firm or network requires it.

  • 2FA stays disabled only if both firm and network disable it.
    

• 2FA is enabled for all professionals in the network.

• New professionals joining must have 2FA enabled.

• Professionals leaving the network keep 2FA enabled, but can disable it unless their firm still requires it.
  
  

• Existing professionals keep 2FA enabled.

• New joiners to the network keep their current 2FA setting.

• If the new firm requires 2FA, it is enabled for the professional.

• If the new firm doesn’t require 2FA, and the network still does, 2FA is enabled.

• If both firm and network have 2FA disabled, 2FA is enabled.
  

• If created in a firm that requires 2FA, it is enabled.

• If created in a firm that does not require 2FA, but the network does, 2FA is enabled.

• If both firm and network have 2FA disabled, 2FA is enabled.

• If the new network requires 2FA, it is enabled for all professionals in the firm.

• If the new network does not require 2FA, no changes are made.
  

• 2FA isn’t set yet (no professionals).

• The firm’s 2FA setting is inherited from the network.

This guide explains how 2FA behaves for firm admins, based on whether it's enforced by a firm or a network.

When a firm decides to enforce 2FA for its firm admins:

• All current firm admins (both active and allowed) for that firm have their 2FA type set to EMAIL.

• Any new firm admin created for a firm that enforces 2FA will automatically have their 2FA type set to EMAIL.

• If an existing admin gains access to a 2FA-enforced firm, their 2FA type is updated to EMAIL.

• Existing admins keep 2FA (EMAIL) even after enforcement is turned off, unless manually reverted to NONE (which is not recommended).

• New admins created after enforcement is turned off will have 2FA type set to NONE, unless another firm or network they access still enforces 2FA.

When a network chooses to enforce 2FA for firm admins who access it (or its firms):

• All current firm admins with access to the network (or its firms) have their 2FA type set to EMAIL.

• Any new firm admin with access to a network (or firm within the network) that enforces 2FA will automatically have their 2FA type set to EMAIL.

• If an existing firm admin is granted access to a network (or one of its firms) that enforces 2FA, their 2FA type is set to EMAIL.

• Existing admins retain their 2FA type set to EMAIL.

• New admins created after enforcement is turned off will have 2FA type as NONE, unless they access another firm or network that enforces 2FA.