Two-factor authentication (2FA) adds an extra layer of security to your Apron account by requiring a one-time code in addition to your password. 2FA can help stop bad actors from accessing your account and is required for anyone releasing Wallet payments.
Two-Factor Authentication explained
2FA requires two things to access your account:
Something you know – Your password
Something you have – A one-time code from your authenticator app or via SMS
Result – Much stronger security, even if someone steals your password
Enabling 2FA is one of the most important steps you can take to secure your Apron account and protect your financial data.
Before you start
2FA only works with password login (not email codes) — if you don't have a password set up yet, you'll be prompted to create one when you start
Make sure your mobile device is nearby — you'll need it to receive SMS codes or generate codes from your authenticator app
If you'd like to use an authenticator app, download one before you start — popular options include Google Authenticator, Microsoft Authenticator, or Authy
Setting up 2FA
Go to Settings, then Personal settings
Click Login and security, then Authentication
Click Set up next to your preferred method — Authenticator app or Text message (SMS)
Authenticator app
Scan the QR code with your authenticator app, or manually enter the provided code if you can't scan it
Your app will start showing 6-digit codes that change every 30 seconds
Enter the current code to confirm setup and click Continue
Text message (SMS)
Enter your mobile phone number
Enter the verification code sent to your phone to confirm setup
You can enable both methods if you'd like. When both are active, authentication defaults to whichever method you used most recently, but you'll always have the option to switch to the other at the point of authentication.
Enforced 2FA
Your company Admin might require all team members to use 2FA. If so, you:
Will receive an email notification if this becomes mandatory
Must switch to password login if using email codes
Can't disable 2FA while enforcement is active
Can ask your Admin for help if you have setup issues
Enforcing 2FA as an Admin or Owner
If you're an Admin or Owner, you can enforce 2FA for all members under Settings > Company settings > Members by toggling on Require all members to use two-factor authentication. You can turn this off at any time from the same screen. This helps protect your team and your business.
Turning off 2FA
You can turn off either 2FA method at any time from Settings > Personal settings > Login and security > Authentication by clicking Turn off next to the relevant method. To confirm, you'll need to enter a valid 2FA code — this can be from either method, regardless of which one you're turning off.
Note that you won't be able to turn off 2FA if:
You have Wallet payment permissions enabled
Your company's Owner has enforced 2FA for all members
Important security notes
Keep backup codes safe – Some authenticator apps provide backup codes for emergencies
Don't share screenshots – Never share QR codes, setup screens, or 2FA codes with anyone
Troubleshooting 2FA
Codes not working (authenticator app) – Check the time sync on your phone
Can't scan QR code – Use the manual entry option instead
Not receiving SMS codes – Make sure you have a mobile signal and that the phone number entered is correct. If the issue persists, try switching to an authenticator app or contact support
Lost phone – Contact support for account recovery
App deleted – You'll need to set up 2FA again from scratch
If you lose access to your 2FA method
Contact [email protected] our team will help restore access to your account.