Set up Your Preferences for Two-Factor Authentication (2FA)

Authenticator apps for generating 2FA verification codes are supported in all NetSuite accounts. Consider switching to an authenticator app, if you are using SMS or Voice call methods. Authenticator apps can generate a verification code even when you cannot receive an SMS or voice call. For more information about selecting an authenticator app, see Supported Authenticator Apps.


As of March 1, 2023, users setting up or resetting their 2FA configurations must install and use an authenticator app to generate verification codes. Receiving codes by SMS will no longer be supported for users setting up 2FA for the first time, or for existing users who reset their 2FA settings. Users can also log in with the one-time backup codes provided during 2FA setup.

The SMS option is currently only prohibited for new 2FA setups. However, industry experts (such as NIST, W3C, and the FIDO Alliance) no longer view SMS as a secure delivery mechanism for 2FA verification codes. As part of our ongoing commitment to world-class security, the SMS option is targeted for removal in a future NetSuite release.

For more information, see:

You are allowed to dismiss the prompt to set up 2FA five times before you are required to select an authentication method and set up your authenticator app. Ten backup codes are generated when you complete the security setup page.


If you want to change your 2FA preferences, you must reset your 2FA settings. For more information, see Reset Your 2FA Settings

For more information, see the following topics:


After you set up your 2FA preferences, you may want to change them. For example, you may want to change your authenticator app. Or you might have lost your phone, bought a new one, or changed your phone number. To change your preferences, you must first reset (or clear) your 2FA settings in NetSuite. See Reset Your 2FA Settings. After the reset is completed, you must start the 2FA setup process from the beginning.

Related Topics

Logging In Using Two-Factor Authentication (2FA)
Using 2FA

General Notices