Turn on two-factor authentication from your Profile page: confirm your current password, then scan a QR code with an authenticator app, or enter the manual secret by hand, and enter the 6-digit code it generates to activate it. You'll then get 10 backup codes, shown once, so save them somewhere safe.
After your password, you'll be asked for a code: either the current 6-digit code from your authenticator app, or one of your 10 backup codes. Each backup code works exactly once. Repeated wrong codes are rate-limited, so it's worth typing carefully rather than guessing.
Disabling two-factor authentication needs both your current password and a valid code, from your app or a backup code, the same two things you needed to turn it on.
| You've lost | What to do |
|---|---|
| Your authenticator app, but still have a backup code | Sign in with a backup code instead of your app code |
| All your backup codes, but still have your authenticator app | Sign in as normal, your app code still works |
| Both your authenticator app and your backup codes | Contact support; a password reset alone does not turn off 2FA |
There's currently no self-serve way to generate a fresh set of 10 backup codes once you've used them all. If you still have access, disable two-factor authentication with your password and a remaining code, then set it up again to get a new set.