---
title: Password Credentials
subtitle: Store login details and use them in automated sign-in flows
slug: cloud/managing-credentials/password-credentials
---

Password credentials store a username, password, and optional 2FA configuration. Reference them from [Login blocks](/cloud/building-workflows/configure-blocks) in your workflows, and Skyvern handles the entire sign-in flow, including entering 2FA codes.

## Creating a password credential

<Steps>
  <Step title="Open the Add dialog">
    Click **+ Add → Password** from the Credentials page.
  </Step>
  <Step title="Fill in your login details">
    Enter a **Name** (a label like "Salesforce Production"), **Username or Email**, and **Password**. The password field has an eye icon to toggle visibility.
  </Step>
  <Step title="Configure 2FA (optional)">
    Expand the **Two-Factor Authentication** accordion to set up automated 2FA handling. See [below](#adding-two-factor-authentication) for details.
  </Step>
  <Step title="Save">
    Click **Save**. The credential is immediately available for use in workflows.
  </Step>
</Steps>

<img src="/images/cloud/credentials-add-password.png" alt="Add password credential modal" />

## Adding two-factor authentication

If the site requires 2FA, expand the **Two-Factor Authentication** accordion below the password fields. Three options, depending on how the site delivers codes:

<img src="/images/cloud/credentials-2fa-setup.png" alt="2FA setup options showing Authenticator App, Email, and Text Message" />

| Method | How it works |
|--------|-------------|
| **Authenticator App** | Paste the TOTP secret key and Skyvern generates codes locally on demand. Fully automated with no delay. Preferred when the site supports it. |
| **Email** | Provide the email address that receives codes. Skyvern waits for you to push the code via the [2FA tab](/cloud/managing-credentials/totp-setup) or API. Identifier auto-fills from the Username field. |
| **Text Message** | Provide the phone number that receives codes. Same push-based flow as Email. |

<Tip>
Authenticator App is always the best option when available. Email and Text require either manual code entry or setting up automatic forwarding.
</Tip>

<Accordion title="Finding your TOTP secret key">
The secret key is the base32-encoded string behind the QR code you'd scan in an authenticator app. Most password managers let you view it:

- **Bitwarden**: Edit the login → TOTP field → copy the key
- **1Password**: Edit the login → One-Time Password → copy the secret
- **LastPass**: Edit the login → Advanced Settings → copy the TOTP secret
- **Site settings**: Many sites show a "Can't scan?" link during 2FA setup that reveals the text key

If you only have a QR code, decode it to extract the `secret=` parameter from the `otpauth://totp/...?secret=BASE32KEY` URI.
</Accordion>

## Using credentials in a workflow

In the Login block configuration, select a stored credential from the dropdown. Skyvern fills in the username and password automatically, and handles 2FA if configured.

## Managing credentials

Stored credentials show the name, credential ID, username (plain text), password (always masked), and 2FA method if configured.

<Note>
To edit a credential, click the **pencil icon** on its row. For security, saved passwords and secrets are never retrieved, so you must re-enter all sensitive fields when updating.
</Note>

<CardGroup cols={2}>
  <Card
    title="2FA / TOTP Setup"
    icon="shield-halved"
    href="/cloud/managing-credentials/totp-setup"
  >
    Push verification codes and manage 2FA for Email and Text methods
  </Card>
  <Card
    title="Block Reference"
    icon="cube"
    href="/cloud/building-workflows/configure-blocks"
  >
    Configure Login blocks and other blocks that use credentials
  </Card>
</CardGroup>