# Multi-factor Authentication
Multi-factor authentication (MFA) is a best-practice authentication method that improves security for user accounts and access requests. It adds an extra layer of verification beyond traditional username and password credentials.
Apono's implementation of MFA allows administrators to enforce additional authentication for specific access flows, particularly for sensitive environments or data.
When MFA is enabled for an access flow, you gain the following key benefits:
* Enhanced security that blocks nearly 100% of[ automated account attacks](https://www.zdnet.com/article/microsoft-using-multi-factor-authentication-blocks-99-9-of-account-hacks/)
* Access to Apono logs that record when MFA was performed
* Support for all major authenticator apps
***
### Enable MFA for a requester account
If an administrator has enabled MFA for a resource you are requesting, you will need to enable MFA for your account.
Multi-Factor Authentication widget
Follow these steps to complete the integration:
1. In the Apono UI, in the banner at the top of the page, click **Set Up MFA**. The **Privacy & Security** window appears.
{% hint style="success" icon="lightbulb" %}
You can also click your user avatar **> Security & Privacy**.
{% endhint %}
2. Under **Multi-Factor Authentication**, in the **Add Authentication App** box, click **Set up**. The **Multi-Factor Authentication** pop-up window appears.
3. Follow the on-screen prompts to complete the authentication setup. The MFA callout banner will disappear.
For any MFA-protected request, you will need to enter the six-digit code from your authenticator app. Your successful MFA will persist for an hour and apply to any requests made within this time.
***
### Reset MFA for a requester account
{% hint style="info" %}
Only account admins can reset multi-factor authentication, including for themselves.
{% endhint %}
In instances when a user is unable to complete MFA verification due to a lost device or misconfigured authenticator, the user's MFA can be reset. The user can then log in and set up MFA again.
Resetting MFA removes the user’s current MFA enrollment. This change takes effect immediately and applies to the user across all Apono UIs they can access.
Users tab
Follow these steps to reset MFA for a user account:
1. On the [**Users**](https://app.apono.io/identities) tab, enter the user's name or email address in the search box. The list is filtered to the matching user.
{% hint style="success" icon="lightbulb" %}
If the user is enrolled in MFA, a green checkmark appears in the row under **MFA**.
{% endhint %}
2. In the row of the user, click (reset MFA icon). The **Reset MFA** confirmation pop-up window appears.
3. Click **Reset MFA**. The pop-up window closes. The user is unenrolled from multi-factor authentication.
Once unenrolled, the user can [enable MFA for their account](https://docs.google.com/document/d/1jflK40Zurr_kEqtb3izHXYvU9V3qCfDhQYuUWvaG34M/edit?tab=t.xrlbuzsy6uwi#heading=h.do37dyrfq5by) again.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.apono.io/docs/architecture-and-security/multi-factor-authentication.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.