.png?fit=max&auto=format&n=EQK5eX9kTD8NzWwA&q=85&s=878008bf159fcc4964d0c0d508b6e400)
Enabling 2FA on your own account
Open your profile settings
Click your name or avatar in the bottom-left corner of the sidebar and select Profile Settings, or navigate to Settings > My Profile.
Find the security section
Scroll down to the Security or Two-Factor Authentication section on the profile settings page.
Choose your 2FA method
Select one of the two available methods:
- SMS (text message) — a one-time code is sent to your registered mobile number each time you log in
- Authenticator app — use an app such as Google Authenticator, Authy, or Microsoft Authenticator to generate time-based codes that refresh every 30 seconds
Complete verification
After selecting your method, you will be prompted to verify the setup:
- SMS: Enter the code sent to your phone number to confirm it is correct
- Authenticator app: Scan the QR code displayed on screen using your authenticator app, then enter the 6-digit code shown in the app to confirm the pairing
Setting up an authenticator app
If you choose the authenticator app method and do not already have an app installed, download one of these free options:| App | Platform | Notes |
|---|---|---|
| Google Authenticator | iOS, Android | Simple, widely used |
| Authy | iOS, Android, Desktop | Supports cloud backup of codes |
| Microsoft Authenticator | iOS, Android | Good for Microsoft 365 users |
| 1Password | iOS, Android, Mac, Windows | Integrated with password manager |
Requiring 2FA for all team members
Account Admins can force 2FA across all users. When this setting is active, any team member who tries to log in without 2FA enabled will be prompted to set it up before they can access the platform.Find the security policy
Look for a Security or 2FA Policy section at the top of the staff settings page. Some plans surface this under Settings > Security.
Enable the requirement
Toggle on Require Two-Factor Authentication for all users. Confirm the change when prompted.
Disabling 2FA
If you need to disable 2FA on your account:- Go to Settings > My Profile > Security
- Click Disable Two-Factor Authentication
- Enter a verification code from your current 2FA method to confirm the change
If an admin has enforced 2FA across the account, individual users cannot disable it for themselves. The admin must first turn off the account-wide requirement before any user can opt out.
Resetting 2FA for a team member
If a team member loses access to their authenticator app or phone and cannot log in:Reset their 2FA
Click the three-dot menu next to their name and select Reset 2FA (or Edit > Disable 2FA). This removes the 2FA requirement for their next login, allowing them to re-enroll with their new device.
Frequently asked questions
Can I use SMS and an authenticator app at the same time?
Can I use SMS and an authenticator app at the same time?
No. HoopAI requires you to choose one method at a time. If you want to switch methods, disable your current 2FA setup and re-enable with the new method.
What if I don't receive the SMS code?
What if I don't receive the SMS code?
Check that your phone number on file is correct under Settings > My Profile. Also ensure you have cell signal or mobile data. If codes consistently fail to arrive, consider switching to an authenticator app which does not depend on your carrier.
Are backup codes single-use?
Are backup codes single-use?
Yes. Each backup code can only be used once. After using a code, generate a new set under Settings > My Profile > Security > Regenerate Backup Codes to ensure you always have valid codes on hand.
Does 2FA affect API access?
Does 2FA affect API access?
No. API keys and webhook integrations authenticate separately and are not affected by 2FA settings on user accounts.
Is 2FA required for HIPAA compliance?
Is 2FA required for HIPAA compliance?
Yes. If you are using HoopAI in a HIPAA-compliant configuration, enforcing 2FA for all users is a required access control measure. See the HIPAA compliance guide for full requirements.