The two-factor authentication is an authentication method that uses two disparate factors to verify the identity of a user.

If you enable the two-factor authentication, you will be prompted for your "login name and password" and "verification code" whenever you log in to Kintone.
You obtain the "verification code" from the authentication app installed on your mobile device.

Using two-factor authentication enables you to prevent unauthorized access by third parties even when they identified the combination of the user's login name and password. It is because it requires the authentication that uses "the mobile device that only the user possesses" for a successful login.

If you enable the two-factor authentication, you must provide the "verification code" when configuring login settings on the mobile app.

For details, refer to the following page:

• Using the Mobile App for iOS
• Using the Mobile App for Android

REST API does not support the two-factor authentication.
Therefore, users who enabled the two-factor authentication cannot use password authentication in REST API.

They should use other authentication methods such as API token, session authentication, or OAuth authentication, or use another user for integrations whose two-factor authentication setting is disabled.

For details on API, refer to the following website:
Kintone Developer Program

Guest users in Kintone cannot use the two-factor authentication.