Set up two-factor authentication

Two-factor authentication (2FA) adds a second step to signing in: after your password, you also enter a short code from an authenticator app on your phone. Even if someone learns your password, they can’t get in without that code.

What you’ll need

An authenticator app on your phone or computer that generates time-based one-time codes (TOTP). Any of these work:

• Google Authenticator
• Authy
• 1Password
• Any other TOTP authenticator app

Turn on two-factor authentication

1. Sign in to Acme.
2. Go to Settings → Security.
3. In the Two-Factor Authentication section, select Enable Two-Factor Authentication.
4. In the dialog, open your authenticator app and scan the QR code.
5. Enter the 6-digit verification code shown in your authenticator app.
6. Select Verify & Enable.

Once the code is accepted, two-factor authentication is on, and you’ll be shown your recovery codes.

Caution

Right after you enable 2FA, you’ll see a one-time list of recovery codes. Save them before closing the dialog — they’re how you get back in if you lose your authenticator device. See Recovery codes.

Can’t scan the QR code?

If your authenticator app can’t scan the QR code (for example, you’re setting it up on the same device), select the option to enter the code manually and type the setup key shown beneath the QR code into your app. Then continue with the verification code as above.

Signing in with two-factor authentication

After 2FA is on, each sign-in asks for your password first, then the current 6-digit code from your authenticator app. The code changes every 30 seconds, so always use the one showing at that moment.

Turn off two-factor authentication

1. Go to Settings → Security.
2. In the Two-Factor Authentication section, select Disable 2FA.
3. Enter your password and a current verification code, then confirm.

Note

Turning off 2FA makes your account password-only. If you’re disabling it because you lost your device, use a recovery code to sign in first, or see Sign-in problems.