Two-factor authentication
2FA adds a second step (a one-time code) to your sign-in to keep your account safe.
What you’ll need
- An authenticator app (Microsoft Authenticator, Google Authenticator, Authy, 1Password, etc.).
- Access to your account email (for confirmations and recovery).
Set up 2FA (takes ~1 minute)
- Open My Account → Two-factor authentication.
- Click Enable to show your QR code.
- In your authenticator app, tap Add account → Scan QR and scan the code.
- Enter the 6-digit code to verify.
- Download your recovery codes and store them securely (password manager or printed copy).
Keep recovery codes safe. If you lose your phone, a recovery code is the quickest way to sign in.
Trusted devices (“Remember this machine”)
On the 2FA screen you can tick Remember this machine. We set a secure cookie so you won’t be asked for a code again on this browser. This trust ends if you sign out, clear cookies, or if we need to re-verify.
- Forget this browser (in 2FA settings) removes the trust, so this device will require codes again.
- Admin-initiated 2FA resets also invalidate remembered devices.
If you can’t get a code
- Use a recovery code via the “Use a recovery code” link during sign-in.
- New phone? If you still have the old device, open the authenticator app and add the account on the new phone by scanning a fresh QR from your 2FA settings.
- No device + no recovery codes? Contact support. An administrator can reset 2FA (they’ll verify your identity first).
Advanced: what happens under the hood?
- We support standard TOTP (RFC 6238): 6-digit codes that rotate every 30 seconds.
- When you “remember this machine”, we set a secure cookie bound to your account and device.
- Admins with 2FA can reset a user’s 2FA: it disables 2FA, regenerates the authenticator key, and invalidates remembered devices.
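The TOTP check from the first bullet above, as an added example (not this service's own code): it computes RFC 6238 codes with the 6-digit, 30-second parameters stated here and verifies a submitted code. The one-step drift window, the replay guard, the Base32 key encoding and all function names are assumptions of this example.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated on this page
DIGITS = 6   # code length, as stated on this page


def decode_secret(b32: str) -> bytes:
    """Decode a Base32 authenticator key (assumed encoding; apps commonly use it)."""
    b32 = b32.replace(" ", "").upper()
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(key: bytes, at: float) -> str:
    """RFC 6238: HOTP with counter = floor(unix_time / STEP)."""
    return hotp(key, int(at) // STEP)


def verify(key: bytes, code: str, at: float, last_used_step: int = -1, window: int = 1):
    """Return the matching time step, or None if the code is rejected.

    window=1 accepts one step of clock drift either side (assumption).
    Steps <= last_used_step are skipped so an accepted code cannot be replayed;
    the caller stores the returned step as the new last_used_step.
    """
    current = int(at) // STEP
    matched = None
    for step in range(max(0, current - window), current + window + 1):
        if step <= last_used_step:
            continue
        # Constant-time compare, and no early exit, to avoid timing side channels.
        if hmac.compare_digest(hotp(key, step).encode(), code.encode()):
            matched = step
    return matched


if __name__ == "__main__":
    key = decode_secret("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")  # RFC 6238 test key, not a real secret
    code = totp(key, 59)  # constructed timestamp from the RFC's test table
    print(code, verify(key, code, 59))
```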