Two-step verification (2SV, also known as two-factor authentication) adds security by requiring an extra step when you log in or try to edit sensitive information like your password. We support these 2SV methods:
| 2SV method | Security level | When you log in… |
|---|---|---|
| SMS text message | Good | We’ll text you a 6-digit code you must enter. You can’t log in if you can’t receive the code. |
| Authenticator app, like Google Authenticator or Authy, on your phone or other device | Better | You must enter the code that the app shows you. You can’t log in if you don’t have access to the app. |
| Hardware security key, such as a Yubikey or Google Titan | Best | You must insert the hardware key to verify your identity. You can’t log in if you don’t have the key and your backup method doesn’t work. |
Always set a backup 2SV method
To minimize hassle when something goes wrong (like losing your phone), always set a backup 2SV method – it’s required if you’re using a hardware key. When you enable 2SV, set the backup at the same time.
Note: For best results, set your backup on a different device – for example, if SMS on your phone is your main 2SV, set an authenticator app on your laptop as your backup 2SV.
An easier way to use 2SV
By default, 2SV is required for every login. Instead, you can set up 2SV so you only need it for high-risk transactions like changing your account security (password, PIN, 2SV methods) or transferring a domain. If you rarely need a high-risk transaction, this could be a better fit for you.