# Security for Collectives

Two-factor authentication (2FA) adds another level of security to accounts.

If an account’s password is hacked, it requires the user to provide another proof of identity, such as a security question or a code generated from an authenticator app.

Collectives and their Fiscal Hosts can choose to force all admins to have 2FA enabled. This will block any admin from accessing admin pages or completing tasks until they’ve done so.

### Enforcing 2FA for all admins

* Go to your collective's Dashboard > Settings > Security.
* Click on the tick box for “All admins must have 2FA.
* Save your changes.

<figure><img src="https://649014586-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNDB6a9zS8ZMISyZwm7K9%2Fuploads%2FZiiBn9Jx3ePtMpbRqhmJ%2Fimage.png?alt=media&#x26;token=1a588181-16ae-4c69-a055-3d5d5056b967" alt="Screenshot of a Collective&#x27;s Security page with two-factor authentication enabled."><figcaption><p>Collective's Security page with two-factor authentication enabled.</p></figcaption></figure>

{% hint style="info" %}
If you get locked out of your account due to 2FA please [contact our support team](https://opencollective.com/help). In order to grant you access we will require substantial proof that the account is indeed yours.&#x20;
{% endhint %}