What is two-step verification?
Two-step verification (2SV, also known as two-factor authentication) adds security by requiring an extra step when you log in or try to edit sensitive information like your password. We support several 2SV methods as described next:
|Security level||2SV method||How it works||What to watch out for...|
|Good||SMS text message||On login, to access your account we'll text you a 6-digit code you must enter.||If you can't receive the code (for example, you lost your phone or changed your number) you can't log in.|
|Better||Authenticator app, like Google Authenticator or Authy, on your phone or other device||On login, to access your account you must enter the code that the app shows you.||If you don't have access to the app (lost your phone, etc.), then you can't login.|
|Best||Hardware security key, such as a Yubikey or Google Titan||On login, to access your account you must insert the hardware key, and the key verifies your identity.||If you lose the key and your backup method doesn't work, you can't log in.|
Always set a backup 2SV method
To minimize the hassle when something goes wrong (for example, you lost your phone), be sure you set a backup 2SV method (a backup is required if you're using a hardware key). After you enable 2SV, you can set a backup anytime.
Note: For best results, set your backup on a different device - for example, if SMS on your phone is your main 2SV, set an authenticator app on your laptop as your backup 2SV.
About high-risk transactions
By default, you set up 2SV as a requirement for every login. Instead, you can set up 2SV so you only need it for high-risk transactions like changing your account password or PIN or transferring a domain. If you frequently log in to your account but rarely need a high-risk transaction, this could be a better fit for you.