Two-Factor
Authentication
Add an extra layer of security to every account. With 2FA on, signing in needs both a password and a one-time code from your authenticator app — so a leaked password alone is never enough.
What is Two-Factor Authentication?
2FA adds a second step to sign-in. After your password, you enter a one-time TOTP code from an authenticator app such as Google Authenticator or Authy. You set it up once by scanning a QR code, and you get recovery codes as a backup for the rare day you can’t reach your phone.
Turn it on
Protected in three steps
Setup lives in Security Settings and takes under a minute. Here’s exactly what you’ll see.
Enable 2FA
Open the Two-Factor Auth card in Security Settings and click Enable.
Two-Factor Auth
Extra layer of login security
2FA not enabled — your account is less secure.
Scan the QR code
Open your authenticator app and scan the code to add your account.
Scan this QR code
Use Google Authenticator, Authy, 1Password or any TOTP app.
Confirm the code
Enter the six-digit code your app shows to finish and lock it in.
Enter your 6-digit code
Backup built in
Recovery codes keep you in
Once 2FA is on, your account shows a clear protected badge and a set of one-time recovery codes. Store them somewhere safe — each one signs you in once if you ever lose access to your authenticator app.
- A green badge confirms the account is protected
- Recovery codes for the day you lose your phone
- A TOTP prompt on every future sign-in
- Disable any time from Security Settings
Two-Factor Auth
Your account is protected
2FA is active on this account
Recovery codes
FAQ
Common questions
What is two-factor authentication?
A second security step at sign-in. On top of your password, you enter a one-time TOTP code from an authenticator app, so a stolen password alone is not enough to reach your account.
How do I turn it on?
Open Security Settings, click Enable 2FA, scan the QR code with your authenticator app, then enter the six-digit code to confirm. Your account is protected from that moment on.
What if I lose my phone?
When you enable 2FA you receive recovery codes. Keep them somewhere safe — each code lets you sign in once if you cannot reach your authenticator app.
Which authenticator apps work?
Any standard TOTP app, including Google Authenticator, Microsoft Authenticator, Authy and 1Password. You scan one QR code and the app generates the codes.
Can I turn 2FA off again?
Yes. You can disable 2FA at any time from the Security Settings page, though we recommend keeping it on for the extra protection.
Lock down your account
Turn on 2FA and make a stolen password useless on its own.