How do I use two-factor authentication with my account?

We support two-factor authentication (aka “2FA”, “multi-factor authentication” or “MFA”) for our “My Account” control panel.

(This is separate from two-factor authentication for webmail.)

If you enable two-factor authentication for your account, anyone logging in will need to provide both the account password and an authentication code from their phone or other device. This keeps your account secure even if someone steals your password — unless they also have access to the code, they won’t be able to use the password to steal your domain name, update your DNS nameservers, change your passwords, etc.

On this page:

Getting an app

To set up two-factor authentication, you’ll need to use an app on your phone or device that can generate the codes, which change every 30 seconds. You can use almost any time-based (“TOTP”) authenticator app, including these free apps:

Most other “authenticator” apps work, too, including the built-in macOS and iOS password manager in iOS 15 and macOS 12.

Setting up two-factor authentication

To set up two-factor authentication, make sure you’re using an app that supports it, then:

  1. Login to the “My Account” control panel (having trouble?)
  2. Click Passwords and Security
  3. Scroll to the bottom of the page and click two-factor authentication

This page will walk you through the setup process. You’ll see a special “QR code” on the screen that you can scan using your authenticator app. It will also verify that your device is showing the correct time-based codes and that you’ve saved the emergency backup codes.

After setting it up, you’ll be prompted to enter the code from your device each time you login. If you check “Remember me until I logout” when you login, you won’t be prompted again on the same browser and device unless you logout.

What if I lose my device?

When you first set up two-factor authentication for your account, you’ll download and/or print “emergency backup codes” in case you lose your device. You should keep multiple copies of those backup codes in a safe place (not just on the same device that has the authenticator app). You can use a backup code even if you lose your device.

The backup code will also allow you to return to the setup page to add the code to a new device.

What if I lose both my device and the backup codes?

If this happens, you’ll need to contact us and explain what happened, in as much detail as possible. We’ll work with you to regain access to your account, but keep in mind that we’re very strict about this process: It will usually involve notarized paperwork and take at least 14 days.

The thoroughness and slowness of that process is intentional. By enabling two-factor authentication, you’re telling us to be extremely skeptical of someone who claims to be you but doesn’t have the code. That’s what a “hacker” would say, of course, and if it were easy to convince us to give them access, it would defeat the purpose of two-factor authentication. Because of that, these requests are always reviewed by multiple members of our security team who are familiar with methods used in social engineering attacks. Before we make a decision, we always contact the real owner using multiple methods and give them plenty of time to respond.

Disabling two-factor authentication

If you’ve previously enabled two-factor authentication for your account, and you want to disable it:

  1. Login to the “My Account” control panel (having trouble?)
  2. Enter the existing device or backup code when prompted
  3. Click Passwords and Security
  4. Scroll to the bottom of the page and click two-factor authentication
  5. Choose the Disable two-factor authentication option

Can you send me the authentication code by SMS text message?

We don’t support two-factor authentication using SMS text messages because it’s not secure. You do have to use an app.

Is two-factor authentication supported for Webmail logins?

You can set up two-factor authentication for webmail separately.

Is two-factor authentication supported for POP, IMAP, SSH or FTP logins?

We don’t currently support two-factor authentication for these purposes. That’s because there are many different ways to connect to those services, and many of these methods unfortunately have no way to enter a two-factor code.