Two-factor authentication FAQs

This article is for Administrators. Learn more about permissions. If you’re a Member, check out our Member resources.

If you're reading this article, you most likely received an email from us letting you know that two-factor authentication is now available in your account and that you'll need to enable it soon. We have answers below to some questions you might have around what this means and how it affects you and your teammates.

You can learn more about what 2FA is and how to enable and disable it in our general 2FA article. If you have any other questions, please reply to the email you received or use the Contact Us button at the top right.

Why does my account need to enable 2FA?

Beginning November 30, 2022, any Harvest account that uses the Xero integration will be required to use 2FA for signing in to Harvest. This is a new requirement from Xero and offers a higher level of account security. As an Administrator in Harvest, you can now enable this feature for your account and have until November 30 to do so.

What will happen when I enable 2FA?

Once two-factor authentication is enabled, every person in your Harvest account will need both a password and a generated code (sent by email or authenticator app) to sign in to Harvest. When an Administrator first enables 2FA for the whole account, everyone on the account (including that Administrator) will be signed out of Harvest. They’ll be asked to set up 2FA for their profile the next time they sign in.

Do I need to take any other actions?

If you use our iPhone or Android mobile app, or the Mac or Windows desktop app, you'll need to update to the latest version, which includes 2FA capabilities.

What will happen if I don't enable 2FA?

On November 30, 2022, if you haven't taken this step, your Harvest account will be disconnected from Xero. You'll need to go to Settings in Harvest to reconnect and, as part of the process, enable 2FA.

Which accounts have this feature?

For now, 2FA is only available for Harvest accounts that are currently connected to Xero or want to set up a new Xero connection.

What if I belong to multiple Harvest/Forecast accounts, and not all of them have 2FA enabled?

If you belong to multiple accounts and at least one of those accounts requires 2FA, you’ll always need to use 2FA when signing in, regardless of which account you want to access. 

What if I currently use Google Sign-In? 

You can use both Google Sign-In and Harvest 2FA when signing in (no need to disable Google SSO to set up 2FA), but you won’t be able to use Google Sign-In in place of Harvest 2FA if you need to connect to Xero. 

Can I enable 2FA for myself only? 

No. 2FA will need to be enabled account-wide as a sign-in requirement. This means everyone on the account will be prompted to set up 2FA before they can access Harvest again.

What is an authenticator app, and which one should I use?

An authenticator app is an app on your phone, or a feature within some password managers, that regularly generates new verification codes that serve as the second "factor" in two-factor authentication.

We don’t have any specific recommendations, but there are several authenticator apps available, including Google Authenticator, Microsoft Authenticator, Authy, 1Password, and Duo (just to name a few). Note that you can also choose to receive authentication codes by email—you don’t need to use an authenticator app.

How long does a 2FA sign-in code last? 

Any given code is valid for 5 minutes. However, most authenticator app codes will change every 30 seconds, and only the current code is valid to use.

What if I lose access to my authenticator app?

You can opt to send a code to your email instead; then, you’ll be able to set up a new authenticator app in Harvest ID > Security if you choose to do so. 
