Skip to content

Add docs for email 2FA #26366

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: production
Choose a base branch
from
+18 −4
Open

Add docs for email 2FA #26366

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 12 additions & 3 deletions src/content/docs/fundamentals/user-profiles/2fa.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ You can configure a built-in authenticator such as Apple Touch ID, Android finge

### Security keys

You can configure a security key, such as a Yubikey, to use with your account. Before you begin, ensure your hardware security key is configured and plugged in.
You can configure a security key, such as a Yubikey, to use with your account. Before you begin, ensure your hardware security key is configured and plugged in.

On a Windows device, you may need to set up Windows Hello or register your security key to your Microsoft account. Review the Windows documentation for more details.

Expand All @@ -55,7 +55,7 @@ On a Windows device, you may need to set up Windows Hello or register your secur

## Configure TOTP mobile application authentication

Time-based one-time password (TOTP) authentication works by using an authenticatior app, such as Google Authenticator or Microsoft Authenticator, which generates a secret code shared between the app and a website. When you log in to the website, you enter your username, password, and the secret code generated from the authenticator app. The secret code is only valid for a short period of time, about 30 to 60 seconds, before a new code is generated.
Time-based one-time password (TOTP) authentication works by using an authenticatior app, such as Google Authenticator or Microsoft Authenticator, which generates a secret code shared between the app and a website. When you log in to the website, you enter your username, password, and the secret code generated from the authenticator app. The secret code is only valid for a short period of time, about 30 to 60 seconds, before a new code is generated.

1. Once your security key is plugged in, go to **Profile** > **Authentication**.
2. From **Two-Factor Authentication**, select **Set up**.
Expand All @@ -71,7 +71,7 @@ Time-based one-time password (TOTP) authentication works by using an authenticat

:::note

To avoid being locked out of your account, be sure to generate and save your recovery codes. If you forget your password and cannot receive the reset code or lose access to your phone with the authenticator app, you can use the recovery codes to access your account.
To avoid being locked out of your account, be sure to generate and save your recovery codes. If you forget your password and cannot receive the reset code or lose access to your phone with the authenticator app, you can use the recovery codes to access your account.

You can regenerate your backup codes at any time using the Cloudflare dashboard.
:::
Expand All @@ -89,6 +89,15 @@ Reconfiguring TOTP mobile application authentication does not turn off 2FA.

To reconfigure, follow [Steps 1-7](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication) as detailed above.

## Configure email two factor authentication

Email 2FA works by sending you a TOTP code to your email address. This is a good option particularly if you're concerned about losing a hardware based key.

1. Navigate to **User Profile**, then **Authentication**
2. Under **Two-Factor Authentication**, click **Set up**
3. Under **Email Authentication**, click **Enable**.
4. You will be prompted to enter your password twice, and then be shown recovery codes. Save these somewhere safe like a password manager.

## Regenerate backup codes

Each backup code is one-time use only, but you can always request a new set of backup codes using the Cloudflare dashboard. This is useful if you have lost access to or used all of your previous backup codes.
Expand Down
7 changes: 6 additions & 1 deletion src/content/partials/support/2fa-enable.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,9 @@ To enable two-factor authentication for your Cloudflare login:
2. Under the **My Profile** dropdown, select **My Profile**.
3. Select **Authentication**. 
4. Select **Manage** in the Two-Factor Authentication card.
5. Configure either a [TOTP mobile app](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication) or a [security key to enable 2FA on your account](/fundamentals/user-profiles/2fa/#configure-security-key-authentication-for-two-factor-cloudflare-login).
5. Configure either a [TOTP mobile app](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication), [security key](/fundamentals/user-profiles/2fa/#configure-security-key-authentication-for-two-factor-cloudflare-login), or [email 2FA](/fundamentals/user-profiles/2fa/#configure-email-two-factor-authentication).

:::note

Cloudflare recommends that users enable at least two different 2FA factors, as well as safely store [backup codes](/fundamentals/user-profiles/2fa/#regenerate-backup-codes)) to prevent lockouts.
:::