Two-factor authentication (2FA)

Two-factor authentication adds a second step after your password. When 2FA is on, signing in may require an authenticator app code or a backup code in addition to your password.

Turn on 2FA

1. Sign in and open Settings.
2. Find the security or two-factor section and start the setup flow.
3. Scan the QR code with an authenticator app (for example Google Authenticator, Authy, or 1Password), or enter the secret manually if your app supports it.
4. Enter the 6-digit code from the app to confirm setup.
5. When backup codes are shown, save them offline (password manager or print). Treat them like passwords — anyone with a backup code can sign in as you if they also know your password.

Sign in when 2FA is enabled

1. Enter email and password on Sign in as usual.
2. When prompted, open your authenticator app and enter the current 6-digit code.
3. If you lost your device, use a backup code once in place of the app code, then replace 2FA as soon as possible.

View or rotate backup codes

From Settings, use the option to view backup codes when available. If you suspect codes were exposed, disable 2FA and set it up again to get a fresh set (after confirming with your password where required).

Disable 2FA

You can disable 2FA from Settings when you are signed in. The app may ask for your password to confirm. If you are locked out entirely, use support — be ready to prove account ownership.

Recovery tips

• Authenticator time must be correct; severe clock drift can cause “invalid code” errors.
• Try another network or browser if the challenge page fails to load.
• Keep at least one unused backup code in a safe place separate from your phone.