[No QA] Update Two-Factor-Authentication.md

[jliexpensify]

Resource Updates for https://github.com/Expensify/Expensify/issues/626857

Just changed the following:

• New file name
• Noted that after May 2026, Recovery Codes are automatically downloaded

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c6bf11aec5

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[github-actions]

HelpDot Documentation Review

Overall Assessment

This PR updates the Two-Factor Authentication article to reflect a product change: recovery codes are now automatically downloaded rather than requiring the user to manually click Download or Copy. The changes are localized to the setup steps and one FAQ answer. The updates are generally clear but introduce a few style and accuracy concerns worth addressing.

Scores Summary

• Readability: 7/10 - The revised steps are mostly clear, but step 5 is written as a statement about system behavior rather than a user action, which breaks the action-oriented step pattern. The sub-bullet beginning with "However" reads awkwardly in an instructional context.
• AI Readiness: 8/10 - No impact on headings, metadata, or structure. The changes are within existing well-structured sections. No regressions here.
• Style Compliance: 6/10 - Several naming convention issues: the term "Recovery Codes" is capitalized inconsistently (capitalized in some places, lowercase "recovery codes" in others within the same diff). The old terminology "backup codes" is replaced with "Recovery Codes" in some places but the Important note still uses lowercase "recovery codes." The phrase "the computer or device where two-factor authentication was set up" is verbose and not UI-exact language. The FAQ answer uses a future date reference ("after May 2026") that will age poorly.

Key Findings

• Step 5 is not action-oriented. Per HELP_AUTHORING_GUIDELINES.md Section 5, step instructions must be action-oriented. The current step 5 ("Your Recovery Codes will be automatically saved...") describes system behavior rather than a user action. Consider restructuring, e.g., making it a note after step 4, or reframing as "Save your Recovery Codes, which are automatically downloaded to your device."
• Inconsistent capitalization of "Recovery Codes." The diff capitalizes "Recovery Codes" in step 5 and the FAQ answer, but the Important note still uses lowercase "recovery codes." Per HELPSITE_NAMING_CONVENTIONS.md, UI terminology must be exact and consistent throughout. Pick whichever matches the UI and use it everywhere.
• "However" sub-bullet is awkward in steps. Starting a sub-bullet with "However, we also recommend..." introduces an editorial tone. A simpler phrasing like "Copy and store them in a secure location as a backup" would be more direct and action-oriented.
• Date reference in FAQ will age poorly. The phrase "As long as you set up 2FA after May 2026" is a temporal qualifier that will become confusing over time. Consider rephrasing to avoid hardcoded dates, or adding context about when this change took effect in a way that remains useful long-term.
• File name change is clearly communicated. The update from two-factor-auth-codes to DO-NOT-DELETE_Expensify-2FA-RecoveryCodes is specific and helpful for users searching for the file.
• "copy or save" phrasing in Important note is good. The addition of "copy or save" in the Important note accurately reflects the updated workflow.

Recommendations

1. Restructure step 5 to be action-oriented rather than descriptive. System behavior should be presented as a note or context, not as a numbered step.
2. Standardize "Recovery Codes" capitalization across all changed lines. Verify what the UI actually displays and match it exactly.
3. Remove or rephrase the "However" sub-bullet to be more direct and actionable.
4. Reconsider the "after May 2026" date reference in the FAQ. Either remove the temporal qualifier or phrase it as "Starting in May 2026" with a note that older setups may use the previous file name.
5. Fix the duplicate step numbering -- the old version had two step 4s (which is a pre-existing issue), but the new version should ensure correct sequential numbering (steps 4, 5, 6, 7 look correct in the diff).

Files Reviewed

• docs/articles/new-expensify/settings/Two-Factor-Authentication.md - Updated to reflect automatic recovery code download behavior. Several style and consistency issues identified in the changed lines.

Review based on governance rules defined in docs/HELPSITE_NAMING_CONVENTIONS.md, docs/HELP_AUTHORING_GUIDELINES.md, and docs/TEMPLATE.md.

[OSBotify]

A preview of your ExpensifyHelp changes have been deployed to https://679c83ad.helpdot.pages.dev ⚡️

Updated articles:

• articles/new-expensify/settings/Two-Factor-Authentication

[github-actions]

Step formatting violation: Step 5 describes a system behavior ("Your Recovery Codes will be automatically saved..."), not a user action. Per HELP_AUTHORING_GUIDELINES.md Section 5, all step instructions must be "action-oriented."

Consider reframing as a user action, e.g.:
5. Save a copy of your Recovery Codes (automatically downloaded to your device).

This keeps the step action-oriented while conveying the auto-download behavior.

[github-actions]

Style / tone: The sub-bullet "However, we also recommend..." uses first-person ("we") and starts with a hedging word ("However"). HelpDot articles should be concise and direct. Consider rephrasing to remove first-person and make the recommendation clearer, e.g.:

- Copy and store them in a separate secure location as a backup.

[github-actions]

Readability / future-proofing: "As long as you set up 2FA after May 2026" introduces a temporal condition that will become confusing over time as more readers will have set up 2FA after that date. Consider removing the date condition or rephrasing to be evergreen, e.g.:

The codes are automatically added to your device's Downloads folder under the file name \DO-NOT-DELETE_Expensify-2FA-RecoveryCodes`.`

[github-actions]

HelpDot Documentation Review

Overall Assessment

This PR updates the Two-Factor Authentication article to reflect a product change: recovery codes are now automatically downloaded rather than requiring manual copy/download. The changes are focused and factual, updating steps 4-7 of the enable flow and revising the FAQ answer about recovery codes.

Scores Summary

• Readability: 7/10 - The updated steps are generally clear, but step 5 introduces an awkward sub-bullet ("However, we also recommend...") that reads more like a caveat than an actionable step. The word "However" at the start of a sub-bullet is an unusual pattern for procedural instructions.
• AI Readiness: 8/10 - No changes to headings or metadata, which already comply. The new content uses the full feature name ("Recovery Codes") consistently, aiding retrieval. The FAQ answer includes a specific date reference ("May 2026") and file name, which grounds the content well for AI extraction.
• Style Compliance: 7/10 - Button references (Continue, Verify) remain correctly bolded. However, "Recovery Codes" is capitalized as a proper noun throughout the diff but is not a bolded UI element -- this may create inconsistency if the UI does not capitalize it that way. The phrase "automatically saved onto the computer or device" is slightly vague per the deterministic writing rule; it could specify "Downloads folder" in the steps as it does in the FAQ.

Key Findings

• The step renumbering (4 to 5, 5 to 6, 6 to 7) is correct and consistent after removing the old step 4 content.
• The FAQ update includes a time-bound condition ("As long as you set up 2FA after May 2026") which is helpful but could become outdated. Consider whether this temporal qualifier will remain accurate long-term or if it should be simplified once the old flow is fully deprecated.
• There is an information gap between step 5 (which says codes are "automatically saved") and the FAQ (which specifies the exact file name and Downloads folder location). The step-level instructions would benefit from including the file name for completeness.
• The change from "backup codes" to "Recovery Codes" is a positive terminology alignment, assuming this matches the current UI language.

Recommendations

1. Clarify step 5: Consider making it more actionable -- e.g., "Your Recovery Codes will be automatically downloaded to your device's Downloads folder as DO-NOT-DELETE_Expensify-2FA-RecoveryCodes." This removes the need for the sub-bullet and aligns with the FAQ detail.
2. Verify "Recovery Codes" capitalization: Confirm this matches the exact UI label per naming conventions. If the UI shows "recovery codes" in lowercase, adjust accordingly.
3. Consider future-proofing the FAQ: The "As long as you set up 2FA after May 2026" qualifier may confuse users reading this article years from now. Once the old flow is sunset, consider removing the date condition.
4. Minor style note: The sub-bullet "However, we also recommend copying and storing them in a secure location" could be simplified to "We recommend also copying them to a secure location" -- removing "However" which implies contradiction rather than supplementary advice.

Files Reviewed

• docs/articles/new-expensify/settings/Two-Factor-Authentication.md -- Updated recovery code instructions in the enable flow (steps 4-7) and FAQ section to reflect automatic download behavior.

[github-actions]

Style / tone: "Expensify will automatically download a set of Recovery Codes" uses first-person brand voice ("Expensify will"). For consistency with the deterministic, user-focused writing style required by HELPSITE_NAMING_CONVENTIONS.md, consider reframing from the user's perspective, e.g.:

When you enable 2FA, a set of Recovery Codes is automatically downloaded to your device. You can use these codes in lieu of the 6-digit authenticator code to regain access to your account.

[melvin-bot]

@stephanieelliott looks like this was merged without a test passing. Please add a note explaining why this was done and remove the Emergency label if this is not an emergency.

[OSBotify]

🚀 Deployed to staging by https://github.com/stephanieelliott in version: 9.3.80-0 🚀

platform	result
🕸 web 🕸	success ✅
🤖 android 🤖	success ✅
🍎 iOS 🍎	success ✅

Bundle Size Analysis (Sentry):

• Android
• iOS

[OSBotify]

🚀 Deployed to production by https://github.com/luacmartins in version: 9.3.81-2 🚀

platform	result
🕸 web 🕸	success ✅
🤖 android 🤖	success ✅
🍎 iOS 🍎	success ✅