Setup two-factor authentication

Two-factor authentication adds an extra layer of security to your account. Even if someone learns your password, they cannot sign in without also having the code from your authenticator app or a one-time recovery code.

Setting it up

1. Open your Profile page from the top-right user menu.
2. Find the Two-Factor Authentication section and click Enable.
3. Confirm your account password when prompted.
4. A QR code and setup key will appear. Scan the QR code with an authenticator app — Google Authenticator, 1Password, Bitwarden, Authy, Microsoft Authenticator and similar apps all work. If you cannot scan, enter the setup key manually.
5. Your authenticator app will start generating six-digit codes. Enter the current code in the Code field and click Confirm to finish setup.

Until you enter that confirmation code, two-factor authentication is not yet active on your account. If you close the page before confirming, you can return to Profile and pick up where you left off.

Recovery codes

A set of one-time recovery codes is generated when you start the setup and revealed once you confirm. Each code can be used in place of an authenticator code, but only once.

Store the codes somewhere safe — a password manager is ideal. If you lose access to your authenticator app, a recovery code is what gets you back in.

You can:

• Show recovery codes at any time from the Two-Factor Authentication section in your Profile.
• Regenerate recovery codes if you suspect they've been seen by someone else. The old set is invalidated immediately.

Signing in with two-factor authentication

Once two-factor authentication is active, every sign-in asks for a second step after your email and password:

• Open your authenticator app and enter the current six-digit code, or
• Click Use a recovery code and enter one of your one-time recovery codes.

If you've lost both your authenticator and your recovery codes, contact us — we can help you regain access after verifying your identity.

Turning it off

You can turn two-factor authentication off from the same section in your Profile. You'll be asked for your password to confirm. We recommend keeping it on.