While it is important to have a strong password, to gain extra security, e.g. in case your password or device ever gets compromised, it is a good idea to configure Two-factor Authentication for your account.
With Two-factor Authentication, you will be asked for an authentication code generated using your phone in addition to your password when logging into Codeberg.
([F-Droid](https://f-droid.org/de/packages/com.beemdevelopment.aegis/) | [Google Play Store](https://play.google.com/store/apps/details?id=com.beemdevelopment.aegis&hl=en_US)) or Authenticator ([App Store](https://itunes.apple.com/app/authenticator/id766157276)).
After scanning the QR code with your app, enter the six-digit code displayed in your app into the "Passcode" field of the settings form, then click "Verify".
From now on, each time you log into Codeberg, you will be asked for an authentication code from your app, adding a layer of security over using only a password.
If you push via HTTP (see [Clone & Commit via HTTP](/git/clone-commit-via-http)), an extra step will be needed to create a personal access token. This token will replace your normal password (+ authentication code) on Codeberg.
You can create as many token as you like: one for each computer, one for each Git client, one for each session... you decide! You can also revoke tokens at any time by pressing the red `Delete` next to the token (see previous screenshot).