diff --git a/conf/ezbookkeeping.ini b/conf/ezbookkeeping.ini
index 40917042..ab4f145a 100644
--- a/conf/ezbookkeeping.ini
+++ b/conf/ezbookkeeping.ini
@@ -37,6 +37,9 @@ enable_gzip = false
 # Set to true to log each request and execution time
 log_request = true
 
+# Add X-Request-Id header to response to track user request or error, default is true
+request_id_header = true
+
 [mcp]
 # Set to true to enable MCP (Model Context Protocol) server (via http / https web server) for AI/LLM access
 enable_mcp = false
@@ -190,9 +193,6 @@ enable_create_scheduled_transaction = true
 # Used for signing, you must change it to keep your user data safe before you first run ezBookkeeping
 secret_key =
 
-# Set to true to enable two-factor authorization
-enable_two_factor = true
-
 # Token expired seconds (60 - 4294967295), default is 2592000 (30 days)
 token_expired_time = 2592000
 
@@ -215,9 +215,6 @@ max_failures_per_ip_per_minute = 5
 # Maximum count of password / token check failures (0 - 4294967295) per user per minute (use the above duplicate checker), default is 5, set to 0 to disable
 max_failures_per_user_per_minute = 5
 
-# Add X-Request-Id header to response to track user request or error, default is true
-request_id_header = true
-
 [user]
 # Set to true to allow users to register account by themselves
 enable_register = true
@@ -234,6 +231,9 @@ enable_forget_password = true
 # Set to true to require email must be verified when use forget password
 forget_password_require_email_verify = false
 
+# Set to true to enable two-factor authorization
+enable_two_factor = true
+
 # Set to true to allow users to upload transaction pictures
 enable_transaction_picture = true
 
diff --git a/pkg/settings/setting.go b/pkg/settings/setting.go
index f15a9209..10e8fa0e 100644
--- a/pkg/settings/setting.go
+++ b/pkg/settings/setting.go
@@ -245,8 +245,9 @@ type Config struct {
 
 	StaticRootPath string
 
-	EnableGZip       bool
-	EnableRequestLog bool
+	EnableGZip            bool
+	EnableRequestLog      bool
+	EnableRequestIdHeader bool
 
 	// MCP
 	EnableMCPServer     bool
@@ -299,7 +300,6 @@ type Config struct {
 	// Secret
 	SecretKeyNoSet                        bool
 	SecretKey                             string
-	EnableTwoFactor                       bool
 	TokenExpiredTime                      uint32
 	TokenExpiredTimeDuration              time.Duration
 	TokenMinRefreshInterval               uint32
@@ -311,7 +311,6 @@ type Config struct {
 	PasswordResetTokenExpiredTimeDuration time.Duration
 	MaxFailuresPerIpPerMinute             uint32
 	MaxFailuresPerUserPerMinute           uint32
-	EnableRequestIdHeader                 bool
 
 	// User
 	EnableUserRegister               bool
@@ -319,6 +318,7 @@ type Config struct {
 	EnableUserForceVerifyEmail       bool
 	EnableUserForgetPassword         bool
 	ForgetPasswordRequireVerifyEmail bool
+	EnableTwoFactor                  bool
 	EnableTransactionPictures        bool
 	MaxTransactionPictureFileSize    uint32
 	EnableScheduledTransaction       bool
@@ -561,6 +561,7 @@ func loadServerConfiguration(config *Config, configFile *ini.File, sectionName s
 
 	config.EnableGZip = getConfigItemBoolValue(configFile, sectionName, "enable_gzip", false)
 	config.EnableRequestLog = getConfigItemBoolValue(configFile, sectionName, "log_request", false)
+	config.EnableRequestIdHeader = getConfigItemBoolValue(configFile, sectionName, "request_id_header", true)
 
 	return nil
 }
@@ -801,7 +802,6 @@ func loadCronConfiguration(config *Config, configFile *ini.File, sectionName str
 func loadSecurityConfiguration(config *Config, configFile *ini.File, sectionName string) error {
 	config.SecretKeyNoSet = !getConfigItemIsSet(configFile, sectionName, "secret_key")
 	config.SecretKey = getConfigItemStringValue(configFile, sectionName, "secret_key", defaultSecretKey)
-	config.EnableTwoFactor = getConfigItemBoolValue(configFile, sectionName, "enable_two_factor", true)
 
 	config.TokenExpiredTime = getConfigItemUint32Value(configFile, sectionName, "token_expired_time", defaultTokenExpiredTime)
 
@@ -844,8 +844,6 @@ func loadSecurityConfiguration(config *Config, configFile *ini.File, sectionName
 	config.MaxFailuresPerIpPerMinute = getConfigItemUint32Value(configFile, sectionName, "max_failures_per_ip_per_minute", defaultMaxFailuresPerIpPerMinute)
 	config.MaxFailuresPerUserPerMinute = getConfigItemUint32Value(configFile, sectionName, "max_failures_per_user_per_minute", defaultMaxFailuresPerUserPerMinute)
 
-	config.EnableRequestIdHeader = getConfigItemBoolValue(configFile, sectionName, "request_id_header", true)
-
 	return nil
 }
 
@@ -855,6 +853,7 @@ func loadUserConfiguration(config *Config, configFile *ini.File, sectionName str
 	config.EnableUserForceVerifyEmail = getConfigItemBoolValue(configFile, sectionName, "enable_force_email_verify", false)
 	config.EnableUserForgetPassword = getConfigItemBoolValue(configFile, sectionName, "enable_forget_password", false)
 	config.ForgetPasswordRequireVerifyEmail = getConfigItemBoolValue(configFile, sectionName, "forget_password_require_email_verify", false)
+	config.EnableTwoFactor = getConfigItemBoolValue(configFile, sectionName, "enable_two_factor", true)
 	config.EnableTransactionPictures = getConfigItemBoolValue(configFile, sectionName, "enable_transaction_picture", false)
 	config.MaxTransactionPictureFileSize = getConfigItemUint32Value(configFile, sectionName, "max_transaction_picture_size", defaultTransactionPictureFileMaxSize)
 	config.EnableScheduledTransaction = getConfigItemBoolValue(configFile, sectionName, "enable_scheduled_transaction", false)