I Forgot My Password, Two-Factor Authentication, and Trusted Device

Password reset with your phone number, turning on two-factor authentication with Google Authenticator, keeping your backup codes, and the "remember this device" feature.

19 Haz 2026 167 reads

This article explains three security topics together: how to reset if you forgot your password, how to turn on and off two-factor authentication, and how to reduce asking for a code every login with "remember this device".

1. I Forgot My Password — Reset flow

Step 1 — Use the link on the login screen

On the login page, click the "I forgot my password" link. Enter your registered phone number in the page that opens as 11 digits (starting with 0, e.g., 05551234567) and submit.

Step 2 — Enter the confirmation code

A 6-digit confirmation code is sent to your phone (or to your email if the email channel is defined). In the next screen, enter this code and your new password and confirm. The system immediately activates your new password and directs you to the login page.

If the system cannot find your phone number, the info message is still shown as "If the phone is registered, the confirmation code has been sent." This is a conscious protection so that malicious users cannot query "which number is registered?" If you don't get the code, check your number again.

Password rules

  • At least 8 characters.
  • The same as your old password is not accepted.
  • Do not prefer easy-to-guess combinations (123456, your birth year, etc.).

2. Turning on two-factor authentication (2FA)

Two-factor authentication protects your account by asking not only for a password but also a 6-digit code generated from your phone app. Even if your account is stolen, the attacker cannot log in because they don't have access to your phone.

Step 1 — Go to the profile page

Open the Two-Factor Authentication link from the profile menu at the top right corner (or from the left menu Settings → Profile → Two-Factor Authentication).

Step 2 — Scan the QR code with your phone

You see a QR code on the screen. Install Google Authenticator (or a similar app like Microsoft Authenticator, Authy) on your phone and scan the QR code. The app adds your account to its list and starts generating a 6-digit code that is refreshed every 30 seconds.

Step 3 — Enter the verification code

In the box on the same page, write the 6-digit code currently displayed in the app and confirm. The system checks that it is correct and activates two-factor authentication.

Step 4 — Keep your backup codes

After activation, 10 backup codes (each 8 digits) are shown on the screen. These are one-time login keys you can use if you lose your phone or the app does not open.

Be sure to keep the backup codes. Print from the printer, save to a secure notes app, or add to your password manager. If you lose your phone + do not have backup codes either, you need to open a request from the system team to access your account (takes a long time).

3. Login while two-factor authentication is active

While 2FA is active, an additional page appears after your password at every login:

  1. Open the app on your phone.
  2. Read the 6-digit code shown for Apt Yönet.
  3. Write it in the box on the page and confirm.

Login with backup code

At the bottom of the verification page is the "Use backup code" link. If you cannot access your phone, click and enter one of the 8-digit backup codes you kept. The used backup code is valid once — cannot be used again, drops from the list.

4. "Remember this device 30 days" (Trusted Device)

If you check the "Remember this device 30 days" box on the two-factor authentication page, the system considers this browser trusted for 30 days and asks only for the password in the next logins — does not ask for the 2FA code.

This feature should only be checked for the browser you use yourself. Never check on shared / cafe / workplace computers.

Managing trusted devices

When you open the Trusted Devices page from the top right profile menu:

  • All currently trusted browsers are listed (added date + last use + IP).
  • The "Delete" button next to each row removes the trust of that device (the next login will ask for 2FA again).
  • The "Remove all" button at the top clears all devices in the list.

If you lose your phone/laptop, immediately go to this page and delete that device from the list to prevent unauthorized entry — the fastest way.

5. Turning off two-factor authentication

On the Profile → Two-Factor Authentication page, use the "Disable" button in the active card. You will be asked to enter your password and a current 6-digit code (or backup code) for the operation. When you confirm, the authentication is deactivated; subsequent logins are made only with the password.

6. Backup codes exhausted or leaked — Refresh

If you think you shared your backup codes or used them all, use the "Refresh Backup Codes" button on the same page. The operation asks for password + a verification code; when successful, old codes become invalid and 10 new codes are shown.

Next step

The system may ask you again for a password/2FA code in some sensitive operations. Go to the article that explains this: Account Lock and Re-authentication.

Was this article helpful?

Your feedback helps us improve the content.

Prepared by the Apt Yönet team

This article is based on real-world experience with the Apt Yönet panel. Last updated:

Related Articles

Manager

Updating Your Phone or Email Address

You can change your phone number from the profile page. Since your email address is the fundamental key to your account, you cannot change it yourself — you open a request to the system team.