Skip to content

Email 2FA

Email 2FA adds a second authentication step by sending a one-time code or magic link to your email address after you enter your password.

Account settings showing two-factor authentication options

How It Works

When Email 2FA is enabled, after entering your password you'll have three options to complete login:

  • Enter a code - check your inbox for a 6-digit code and enter it on the login page
  • Click a magic link - click the link in the email to log in directly
  • Auto-detect - the login page polls for a few seconds and logs you in automatically once you click the magic link in another tab

Setting Up Email 2FA

  1. Go to Settings → Security.
  2. Click Enable Email 2FA.
  3. The next time you log in, you'll be prompted to verify via email.

Limitations

Email 2FA is the simplest second-factor option, but it's less secure than TOTP or passkeys because it depends on email account security. For this reason:

  • Email 2FA is automatically disabled when you set up TOTP or register a passkey
  • The Email 2FA setup page is not available if you already have TOTP or passkeys enabled
  • To re-enable Email 2FA, you'd need to first remove your stronger 2FA method

Recommendation: Email 2FA is better than no 2FA, but we recommend TOTP or passkeys for stronger account protection.