Set-up 2FA
Two-factor authentication (2FA) allows user account owners to add an additional layer of login security to Cloudflare accounts. This additional authentication step requires you to provide both something you know, such as a Cloudflare password, and something you have, such as an authentication code from a mobile device.
Cloudflare offers the option to use either a phishing-resistant security key, like a YubiKey, or a Time-Based One-Time password (TOTP) mobile app for authentication, like Google Authenticator, or both. If you add both of these authentication methods to your account, you are initially prompted to log in with the security key, but can opt-out and use TOTP instead.
To ensure that you can securely access your account even without your mobile device or security keys, Cloudflare also provides backup codes for download.
As the user account owner, you are automatically assigned the Super Administrator role. Once 2FA is enabled, all Cloudflare account members are required to configure 2FA on their mobile devices.
Enable 2FA
We recommend that all Cloudflare user account holders enable two-factor authentication (2FA) to keep your accounts secure.
2FA can only be enabled successfully on an account with a verified email address. If you do not verify your email address first, you may lock yourself out of your account.
To enable two-factor authentication for your Cloudflare login:
- Log in to the Cloudflare dashboard ↗.
- Under the My Profile dropdown, select My Profile.
- Select Authentication.
- Select Manage in the Two-Factor Authentication card.
- Configure either a TOTP mobile app or a security key to enable 2FA on your account.
Additional configurations
Cloudflare also supports 2FA with device built-in authenticators (Apple Touch ID, Android fingerprint, or Windows Hello), Yubikeys and TOTP mobile applications.