Skip to main content

Two-Step Verification

Two-step verification adds an extra layer of security to your account by requiring a second form of identification when you sign in. In addition to your password, you provide a verification code from an authenticator app or a code sent to your phone via SMS. This protects your account even if someone gains access to your password.

Setting Up Two-Step Verification

To enable two-step verification on your account:

  1. Go to Account from the navigation menu.
  2. Select the Security tab.
  3. Follow the on-screen instructions to add a verification method.

You can choose from two methods:

  • Authenticator app — Use an app such as Google Authenticator, Authy, or Microsoft Authenticator to generate time-based verification codes. This is the recommended option because it does not depend on phone service.
  • SMS — Receive a verification code via text message to your registered phone number.

You can set up one or both methods. If both are configured, the authenticator app is used by default during sign-in.

Signing In with Two-Step Verification

Once two-step verification is enabled, the sign-in process includes an additional step:

  1. Enter your email address and password (or sign in with Google / SSO) as usual.
  2. A Two-Factor Authentication screen appears, prompting you for a verification code.
    • If you use an authenticator app, open the app and enter the current code.
    • If you use SMS, a code is sent to your phone automatically. Enter the code from the text message. You can request a new code if needed — there is a 30-second wait between resend requests.
  3. Select Verify to complete the sign-in.

Organization-Required Two-Step Verification

Organization administrators can require all members to enable two-step verification.

For Administrators

To require two-step verification for your organization:

  1. Go to Organization Settings.
  2. Open the Features section.
  3. Turn on the Require Two Factor Authentication toggle.
  4. Select Save Changes.

Once enabled, any member who has not yet set up two-step verification will be prompted to do so the next time they access the platform.

For Members

If your organization requires two-step verification and you have not set it up yet:

  1. A dialog appears with the message: "Your organization requires all members to enable two-step verification for enhanced security."
  2. Select Set Up Two-step Verification to go directly to the Security settings page.
  3. Complete the setup by following the instructions in the Setting Up Two-Step Verification section above.

You will not be able to use the platform until two-step verification is configured on your account.

Managing Your Verification Methods

You can add, remove, or change your verification methods at any time:

  1. Go to Account from the navigation menu.
  2. Select the Security tab.
  3. From here you can:
    • Add a new authenticator app or phone number.
    • Remove an existing verification method.
    • View and manage backup codes for account recovery.

Recovery

If you lose access to your verification method (for example, you lose your phone or uninstall your authenticator app), you can use backup codes to sign in. Backup codes are provided when you first set up two-step verification and can be viewed in your Security settings.

Keep your backup codes in a safe place. Each backup code can only be used once.

Frequently Asked Questions

Do I need two-step verification if I sign in with Google or SSO? If your organization requires two-step verification, it applies to all sign-in methods, including Google and enterprise SSO. You will be asked to complete the verification step after signing in with your external provider.

What happens if I can't receive SMS codes? If you are having trouble receiving SMS codes, try using an authenticator app instead. Authenticator apps work without a phone signal or internet connection on the device generating the codes.

Can I disable two-step verification after enabling it? You can disable two-step verification from the Security settings page in your account — unless your organization requires it. If your organization has enabled the requirement, you must keep two-step verification active while you are a member of that organization.

What authenticator apps are supported? Any app that supports time-based one-time passwords (TOTP) will work. Popular options include Google Authenticator, Authy, Microsoft Authenticator, and 1Password.

⌘J