2FA is an extra layer of security used to make sure that people trying to gain access to an account are who they say they are. First, a user will enter their username and a password. Then, instead of immediately gaining access they will be required to provide another piece of information. This will be in the form of Google Authenticator or Yubikey in the case of Katapult. A mobile phone number is used as a backup.
Organisation-specific 2FA settings are discussed in more detail in the Security: Two Factor Authentication How-to Guide.
It is possible to have multiple 2FA methods on your account, i.e. Yubikey and Google Authenticator, and you can choose which one to use when you sign in.
If you have lost your 2FA devices; or they no longer work; then you will not be able to access your account. We have built a recovery process which makes use of either your linked mobile phone number or your accounts 2FA recovery key, provided at the point you configure your first 2FA device. For more information on 2FA recovery, see the 2FA Account Recovery how-to guide.