I Forgot My Password, Two-Factor Authentication, and Trusted Device
Password reset with your phone number, turning on two-factor authentication with Google Authenticator, keeping your backup codes, and the "remember this device" feature.
This article explains three security topics together: how to reset if you forgot your password, how to turn on and off two-factor authentication, and how to reduce asking for a code every login with "remember this device".
1. I Forgot My Password — Reset flow
Step 1 — Use the link on the login screen
On the login page, click the "I forgot my password" link. Enter your registered phone number in the page that opens as 11 digits (starting with 0, e.g., 05551234567) and submit.
Step 2 — Enter the confirmation code
A 6-digit confirmation code is sent to your phone (or to your email if the email channel is defined). In the next screen, enter this code and your new password and confirm. The system immediately activates your new password and directs you to the login page.
Password rules
- At least 8 characters.
- The same as your old password is not accepted.
- Do not prefer easy-to-guess combinations (123456, your birth year, etc.).
2. Turning on two-factor authentication (2FA)
Two-factor authentication protects your account by asking not only for a password but also a 6-digit code generated from your phone app. Even if your account is stolen, the attacker cannot log in because they don't have access to your phone.
Step 1 — Go to the profile page
Open the Two-Factor Authentication link from the profile menu at the top right corner (or from the left menu Settings → Profile → Two-Factor Authentication).
Step 2 — Scan the QR code with your phone
You see a QR code on the screen. Install Google Authenticator (or a similar app like Microsoft Authenticator, Authy) on your phone and scan the QR code. The app adds your account to its list and starts generating a 6-digit code that is refreshed every 30 seconds.
Step 3 — Enter the verification code
In the box on the same page, write the 6-digit code currently displayed in the app and confirm. The system checks that it is correct and activates two-factor authentication.
Step 4 — Keep your backup codes
After activation, 10 backup codes (each 8 digits) are shown on the screen. These are one-time login keys you can use if you lose your phone or the app does not open.
3. Login while two-factor authentication is active
While 2FA is active, an additional page appears after your password at every login:
- Open the app on your phone.
- Read the 6-digit code shown for Apt Yönet.
- Write it in the box on the page and confirm.
Login with backup code
At the bottom of the verification page is the "Use backup code" link. If you cannot access your phone, click and enter one of the 8-digit backup codes you kept. The used backup code is valid once — cannot be used again, drops from the list.
4. "Remember this device 30 days" (Trusted Device)
If you check the "Remember this device 30 days" box on the two-factor authentication page, the system considers this browser trusted for 30 days and asks only for the password in the next logins — does not ask for the 2FA code.
Managing trusted devices
When you open the Trusted Devices page from the top right profile menu:
- All currently trusted browsers are listed (added date + last use + IP).
- The "Delete" button next to each row removes the trust of that device (the next login will ask for 2FA again).
- The "Remove all" button at the top clears all devices in the list.
If you lose your phone/laptop, immediately go to this page and delete that device from the list to prevent unauthorized entry — the fastest way.
5. Turning off two-factor authentication
On the Profile → Two-Factor Authentication page, use the "Disable" button in the active card. You will be asked to enter your password and a current 6-digit code (or backup code) for the operation. When you confirm, the authentication is deactivated; subsequent logins are made only with the password.
6. Backup codes exhausted or leaked — Refresh
If you think you shared your backup codes or used them all, use the "Refresh Backup Codes" button on the same page. The operation asks for password + a verification code; when successful, old codes become invalid and 10 new codes are shown.
Next step
The system may ask you again for a password/2FA code in some sensitive operations. Go to the article that explains this: Account Lock and Re-authentication.
Was this article helpful?
Your feedback helps us improve the content.
This article is based on real-world experience with the Apt Yönet panel. Last updated: