> ## Documentation Index
> Fetch the complete documentation index at: https://docs.firstwork.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Two-Factor Authentication

> Handle OTP and two-factor authentication challenges during agent execution

Many websites require two-factor authentication (2FA) during login or sensitive actions. AI Agents can handle these challenges using the **Fetch OTP** instruction.

***

## How It Works

1. The agent navigates to a login page and enters credentials
2. The website sends a one-time password (OTP) via email or SMS
3. The **Fetch OTP** instruction retrieves the OTP from the configured source
4. The agent types the OTP into the verification field and continues

***

## Fetch OTP Instruction

The Fetch OTP instruction retrieves a one-time password from a configured source. It supports:

| Source    | Description                                                    |
| --------- | -------------------------------------------------------------- |
| **Email** | Retrieve OTP from an email inbox by matching subject or sender |
| **SMS**   | Retrieve OTP from an SMS message                               |

The instruction waits for the OTP to arrive within a configurable timeout, then extracts the code and makes it available for the next instruction.

***

## Tips

* **Use sensitive input variables** for login credentials — this masks them in execution logs
* **Add a Wait instruction** before Fetch OTP if the website takes time to send the code
* **Set an appropriate timeout** — OTP delivery can vary from seconds to minutes
