2 min read
Two-factor authentication (2FA) allows user account owners to add an additional layer of login security to Cloudflare accounts. This additional authentication step requires you to provide both something you know, such as a Cloudflare password, and something you have, such as an authentication code from a mobile device.
Cloudflare offers the option to use either a phishing-resistant security key, like a YubiKey, or a Time-Based One-Time password (TOTP) mobile app for authentication, like Google Authenticator, or both. If you add both of these authentication methods to your account, you are initially prompted to log in with the security key, but can opt-out and use TOTP instead.
To ensure that you can securely access your account even without your mobile device or security keys, Cloudflare also provides backup codes for download.
We recommend that all Cloudflare user account holders enable two-factor authentication (2FA) to keep your accounts secure.
To enable two-factor authentication for your Cloudflare login:
- Log in to the .
- Under the My Profile dropdown, select My Profile.
- Select Authentication.
- Select Manage in the Two-Factor Authentication card.
- Configure either a or a .
Cloudflare also supports 2FA with device built-in authenticators (Apple Touch ID, Android fingerprint, or Windows Hello), Yubikeys and TOTP mobile applications.