Skip to main content

Setting up Multi-Factor Authentication

Multi-Factor Authentication (MFA) adds a second layer of security to your account. Each time you log in, you will be asked to verify your identity using one of your registered authentication methods in addition to your password.

You can add as many methods as you like — including a mix of authenticator apps, hardware security keys, and backup codes — and designate one as your default.

Authentication Methods

Authenticator App (TOTP)

A TOTP (Time-based One-Time Password) app generates a 6-digit code that changes every 30 seconds. This is the most widely compatible method and works entirely offline. Supported apps include:

  • Google Authenticator (iOS / Android)
  • Authy (iOS / Android / Desktop)
  • 1Password, Bitwarden, and most password managers
  • Any app that supports the TOTP standard (RFC 6238)

Security Key (WebAuthn)

A hardware security key provides strong, phishing-resistant authentication using the WebAuthn/FIDO2 standard. When logging in, you simply insert your key and touch it — no code to type. Supported devices include:

  • YubiKey (USB-A, USB-C, NFC)
  • Google Titan Key
  • Platform authenticators — Face ID, Touch ID, Windows Hello, Android biometrics
  • Any FIDO2 or U2F compatible security key

Your browser must support WebAuthn. All modern browsers (Chrome, Firefox, Safari, Edge) do.

Backup Codes

Backup codes are a set of 10 single-use codes generated for your account. Each code can only be used once. Use backup codes to sign in if you lose access to your authenticator app or security key.

We recommend generating backup codes after adding your first authentication method. Store them somewhere safe — in a password manager, printed copy, or secure document. They will not be shown again after the initial setup.

Adding an Authentication Method

Navigate to Account ➡️ Profile ➡️ Multi-Factor Authentication and click Add MFA.

Adding an Authenticator App

  1. Select Authenticator App from the method list.
  2. Install a TOTP-compatible app on your phone if you haven't already.
  3. Open the app and scan the QR code displayed on the setup page.
  4. Enter a name for this key (for example, "Google Authenticator" or "Authy on iPhone").
  5. Enter the 6-digit code shown in your app and click Confirm & Add.

Adding a Security Key

  1. Select Security Key from the method list.
  2. Insert your security key into a USB port, or have it ready for NFC.
  3. Enter a name for this key (for example, "YubiKey USB-C" or "MacBook Touch ID").
  4. Click Register Security Key and follow the browser prompts to complete registration.

Setting Up Backup Codes

  1. Select Backup Codes from the method list.
  2. Click Generate Backup Codes.
  3. Save all 10 codes somewhere safe before leaving the page — they cannot be retrieved later.
  4. Click Done, I've Saved My Codes to finish.

Regenerating Backup Codes

If you are running low on codes or want to rotate them, you can generate a fresh set at any time:

  1. On the Multi-Factor Authentication page, select your Backup Codes entry using its checkbox.
  2. Click Regenerate in the action bar.
  3. Confirm by clicking Regenerate Backup Codes on the confirmation page.
  4. Save all 10 new codes before leaving the page — the old codes are invalidated immediately and the new ones will not be shown again.
  5. Click Done, I've Saved My Codes to finish.

Managing Your Methods

From the Multi-Factor Authentication page you can:

  • Set a default — the default method is presented first at login. Select a key and use the Set as Default option in the action bar.
  • Rename a key — click a key's name to open the edit panel and update its label.
  • Delete a key — select one or more keys using the checkboxes and click Delete. If you remove all methods, MFA will be disabled on your account.

Logging In

Once MFA is enabled, after entering your password you will be redirected to a verification screen. Your default method is presented first. If you have multiple methods registered, you can switch to a different one using the Use a different method options shown below the verification prompt.

  • Authenticator App — enter the current 6-digit code from your app. Codes rotate every 30 seconds; if a code is rejected, wait for it to refresh and try again.
  • Security Key — insert your key and touch it when prompted by your browser.
  • Backup Codes — enter one of your saved backup codes. Each code is consumed on use and cannot be reused.

Tips

  • Add backup codes after setting up your primary method so you always have a recovery option.
  • Register more than one method so you have a fallback if you lose access to one.
  • If you lose all of your registered methods and cannot log in, contact support to regain access.
  • Platform authenticators (such as Touch ID) are tied to the specific device they were registered on.
  • Keep the time on your phone accurate — TOTP codes depend on a synchronized clock.