Two-factor authentication (2FA) adds a second lock to your account: even if someone gets your password, they still can't log in without the six-digit code from your phone. It takes about a minute to set up.
Turn it on
- Go to Account → Security in your dashboard.
- Open your authenticator app — Google Authenticator, Authy, 1Password and Microsoft Authenticator all work.
- Scan the QR code we show you (or type in the manual key underneath it).
- Enter the six-digit code your app generates to confirm. That's it — 2FA is now active.
Save your recovery codes — this is the important part
The moment you enable 2FA, we show you a set of recovery codes. Each one is a single-use key that gets you in if you ever lose access to your authenticator app.
Copy them somewhere safe now — a password manager is ideal. Don't screenshot them into your phone's camera roll; if you lose the phone, you lose both factors at once.
Lost your phone? Here's how to get back in
- On the login screen, after your password, choose "Use a recovery code" and enter one of the codes you saved. You're in.
- Each code works once, so cross it off after use.
Running low on recovery codes?
You can mint a fresh set any time from Account → Security → Recovery codes → Regenerate. Generating a new set immediately invalidates the old one, so update your saved copy afterwards. This means you can never truly run out of ways back into your account.
If you've genuinely lost both your authenticator and every recovery code, open a support ticket from an email address on file and our team will verify your identity and help you recover access.