2FA adds a second step to your login — after entering your password, you also need a time-based code. Even if someone gets your password, they can't get in without that second factor.
Setting up 2FA
Go to Settings → Security and click Enable 2FA. You'll be asked to choose a method:
Authenticator app — An app on your phone generates a 6-digit code that changes every 30 seconds. This is the more secure option. Any TOTP app works: Google Authenticator, Authy, 1Password, Bitwarden, or similar.
Email OTP — A code is sent to your account email each time you log in. Slightly less convenient but works if you'd rather not use an authenticator app.
Setting up with an authenticator app
- Choose Authenticator App and click Continue
- A QR code appears — scan it with your authenticator app
- Your app starts showing a 6-digit code
- Enter the current code to confirm the setup worked
- You'll be shown recovery codes — save these now
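What the setup steps above do under the hood, as an added example that is not this service's own code: the QR code carries a shared secret, the app derives a 6-digit code from that secret and the current 30-second time step (RFC 6238), and the server recomputes it to confirm. HMAC-SHA1, the one-step drift window, the replay check and the sample URI are assumptions; the page does not describe the server side.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, urlparse

# Constructed sample of what a setup QR code encodes. The secret is the
# RFC 6238 test key "12345678901234567890" in base32; names are placeholders.
SAMPLE_URI = ("otpauth://totp/ExampleService:user@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&issuer=ExampleService&digits=6&period=30")

def parse_otpauth(uri):
    """Return (secret bytes, digits, period) from an otpauth:// URI."""
    q = parse_qs(urlparse(uri).query)
    secret = base64.b32decode(q["secret"][0].upper())
    return secret, int(q.get("digits", ["6"])[0]), int(q.get("period", ["30"])[0])

def totp(secret, at, digits=6, period=30):
    """RFC 6238 code for Unix time `at` (HMAC-SHA1 assumed)."""
    counter = struct.pack(">Q", int(at) // period)       # 30-second time step
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)        # keep leading zeros

def verify(secret, submitted, at, last_used_step=-1, window=1):
    """Return the matching time step, or None.

    window=1 tolerates one step of clock drift either way (assumed policy);
    steps <= last_used_step are refused so a captured code cannot be replayed.
    """
    now = int(at) // 30
    for step in range(now - window, now + window + 1):
        if step <= last_used_step:
            continue
        if hmac.compare_digest(totp(secret, step * 30), submitted):
            return step
    return None

if __name__ == "__main__":
    import time
    key, digits, period = parse_otpauth(SAMPLE_URI)
    print("current code:", totp(key, time.time(), digits, period))
```

A server using this pattern stores the step returned by `verify` and passes it back as `last_used_step` on the next login, so each code is accepted once.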
Recovery codes
Recovery codes are one-time-use backup codes you can use to log in if you ever lose access to your authenticator. You get a set of them when you first enable 2FA.
Store them somewhere safe: a password manager is ideal, or print them and keep the copy in a secure physical location. If you lose your authenticator and don't have recovery codes, getting back into your account will require contacting support.
You can regenerate recovery codes any time from Settings → Security if you think your existing ones are compromised.
Disabling 2FA
Go to Settings → Security and click Disable 2FA. You'll need to enter a current 2FA code to confirm. Once disabled, login only requires your password.
If you're locked out
If you've lost access to your authenticator and don't have recovery codes, contact support. Be prepared to verify your identity.