We use two-factor authentication to keep your Substack account secure. If enabled on your account, you'll need more than just your password to log in.
What's two-factor authentication?
Two-factor authentication (also called “2FA” ) gives your account two layers of protection. To sign into Substack:
- You'll log in by requesting a sign in link to your email or log in using your password.
- You'll then be asked to enter a confirmation code found on the authenticator app.
Tip: An authenticator app is an app you can find on the App Store or Google Play, such as Google Authenticator or 1Password.
How do I set up two-factor authentication?
On your account Settings page, head to the Security section:
1. Enable recovery questions which can be used in the event you lose access to your email or authenticator app.
2. Once you've set up your questions, click "Turn On" next to Turn on two-factor authentication.
3. Download an authenticator app and link it to your Substack account by scanning the QR code or manually entering a setup key.
4. The authenticator app will display a confirmation code.
5. Enter the 6-digit confirmation code on Substack and click "Submit".
Once enabled, you'll be asked to enter a new code every time you log into your Substack account. The authenticator app will generate a new code every 30 seconds.
What happens if I've lost access to my two-factor authentication app? How do I log into Substack?
Once you've enabled two-factor authentication on your Substack account, you'll be asked to enter the confirmation code every time you sign into Substack.
However, if you've lost access to the two-factor authentication app, you can reset your two-factor authentication.
1. Sign into your Substack account via email or password.
2. On the two-factor authentication page, click on, "Still not able to log in? Recover your account."
3. Here, you'll need to correctly answer the questions to the recovery questions that you've previously set up. The recovery questions challenge can expire so please refrain from leaving the page and browsing on the internet.
4. After entering the responses to your recovery questions, click "Reset". You'll then need to sign back into your Substack account. You can always re-enable two-factor authentication in your account Settings once it's been disabled.
Note: Lost access to the email address connected to your Substack account? Follow these steps to recover your account on Substack.