We use two-factor authentication to keep your Substack account secure. If enabled on your account, you'll need more than just your password to log in.
What's two-factor authentication?
Two-factor authentication (also called “2FA” ) gives your account two layers of protection. To sign into Substack:
- You'll log in by requesting a sign in link to your email or log in using your password.
- You'll then be asked to enter a confirmation code found on the authenticator app.
Tip: An authenticator app is an app you can find on the App Store or Google Play, such as Google Authenticator or 1Password.
How do I set up two-factor authentication?
On your account Settings page:
1. Enable recovery questions which can be used in the event you lose access to your email or authenticator app.
2. Once you've set up your questions, click "Enable" under Two-Factor Authentication.
3. Open the authentication app of your choice and scan the QR code to link it to your Substack account.
4. The authentication app will display a confirmation code.
5. Enter the 6-digit confirmation code on Substack and click "Submit".
Once enabled, you'll be asked to enter a new code every time you log into your Substack account. The authentication app will generate a new code every 30 seconds.
Note: Lost access to the device that's linked to your Substack two-factor authentication? Learn more here on what steps you can take to recover your Substack account.