What is Two-Factor Authentication? How do I use it?

We use two-factor authentication to keep your Substack account secure. If enabled on your account, you'll need more than just your password to log in.

What's two-factor authentication?

Two-factor authentication (also called “2FA” ) gives your account two layers of protection. To sign into Substack:

  • You'll log in by requesting a sign in link to your email or log in using your password.
  • You'll then be asked to enter a confirmation code found on the authenticator app.

Tip: An authenticator app is an app you can find on the App Store or Google Play, such as Google Authenticator or 1Password


How do I set up two-factor authentication?

On your account Settings page:

1. Enable recovery questions which can be used in the event you lose access to your email or authenticator app.

2. Once you've set up your questions, click "Turn On" next to Turn on two-factor authentication.

3. Download an authenticator app and link it to your Substack account by scanning the QR code or manually entering a setup key.

4. The authenticator app will display a confirmation code.

5. Enter the 6-digit confirmation code on Substack and click "Submit".

Once enabled, you'll be asked to enter a new code every time you log into your Substack account. The authenticator app will generate a new code every 30 seconds.

Note: Lost access to the device that's linked to your Substack's two-factor authentication? Please contact our Trust & Safety team as the first step you can take to recover your Substack account.

Was this article helpful?
45 out of 151 found this helpful

Articles in this section

See more
Need more help?
Submit a request to our Support team and we'll be glad to help!