Two-factor authentication (2FA) adds a second layer of protection so someone with just your email can't sign in as you. We strongly recommend turning it on for any account that holds financial data.
Enabling 2FA
- Go to Settings → Security.
- Click Set up authenticator app.
- Scan the QR code with an authenticator app — Google Authenticator, Authy, 1Password, Bitwarden, and most password managers all support this. Enter the 6-digit code to confirm.
- Save your recovery codes.You'll see eight one-time codes. Copy them to your password manager or print them. Each code lets you sign in once if you lose access to your authenticator app.
What if I Lose My Phone?
On the sign-in page, after entering your email and clicking the magic link, you'll be asked for a 6-digit code from your authenticator. If you can't access it, click Lost your device? Use a recovery code. Enter one of the eight codes you saved earlier. The code is consumed (it can't be reused) and we automatically remove your old authenticator enrollment so you can set up a new one immediately.
Running Low on Recovery Codes?
From Settings → Security, click Regenerate. We'll ask you to confirm with your authenticator first, then give you a fresh set of eight. Your old codes stop working immediately — make sure to save the new ones.