Protect your account with two-factor authentication

Two-factor authentication, sometimes shortened to 2FA, adds an extra layer of security to your account and all of the subscriptions on your account.

When logging into your account, you’ll enter an authentication code as an additional step. Depending on your settings, the code you enter is generated by an authentication app on your smartphone or sent to you via text message. After you log in, you can skip two-factor authentication for 30 days.

If any of your sites have multiple contributors, your contributors can choose to enable two-factor authentication for their own accounts. There isn't a way to enable it for them.

Tip: For added security, follow these steps in a private place where other people can't see your screen.

Choose your authentication method

You can receive your authentication code via an authentication app or have the code texted to you. Use this section to compare your options. It’s best to enable only one of these methods. Enabling both doesn’t make your account more secure.

Authentication app

• The most secure option
• Avoids login issues with limited cell coverage
• Available anywhere, as long as you download an authentication app
• Requires several steps to enable, which you must repeat if you get a new phone

Text message

• Quick to set up and use
• Widely used on other apps and services
• Only available if your phone number is from one of these countries
• Less secure than using an authentication app, although protecting your account with any two-factor authentication method is always more secure.

Note: If you enable both options, you won’t receive a text message immediately. Use the code generated by the authentication app instead. To receive a text message, click Use a different method, then select Text Message.

Enable two-factor authentication via an authentication app

Step 1 - Download the authentication app

While you can use any authentication app, we recommend Google Authenticator. The app is available for Android and iOS devices.

• Download for Android
• Download for iOS

Tip: The steps below should work for any authentication app, such as Authy or Duo, but if you have issues, contact your app's support team for more help.

Step 2 - Enable two-factor authentication

1. Click this link to open account & security settings in your account dashboard.
2. Click Two-Factor Authentication.
3. Next to Authentication App, click Set Up.
4. Enter your account password and click Next. If you signed up with a social account, click Continue with [social network] to verify your credentials.

Step 3 - Scan the QR code

Open the authenticator app on your phone to scan the QR code.

If you're changing your settings from a mobile device, the QR code won't display. Instead, you'll paste a code manually.

Tip: If your phone's camera is broken or unable to scan a QR code, log into your account on a mobile device and follow the mobile steps below.

For Google Authenticator, the steps are:

A 6-digit number will appear.

Tip: A new 6-digit code is generated every 30 seconds and is valid for 60 seconds.

Step 4 - Type in your code

On your computer, type the 6-digit code in the Authentication Code field, then click Next.

Each code is valid for 60 seconds. If your code isn't accepted, check the app for a new code, or review our troubleshooting tips.

When your code is accepted, click Done.

Tip: If you use mobile apps, you'll need to update them.

 

Step 5 - Choose a backup method (optional)

In the window that appears, choose a backup method. This is useful if you lose your phone or get a new phone without re-enabling two-factor authentication. You can enable two-factor authentication via text message or print backup codes.

Enable two-factor authentication via text message (sms)

You can set up two-factor authentication via text message if your phone number is from one of the following countries:

• United States
• Australia
• Canada
• Ireland
• United Kingdom

Step 1 - Enable two-factor authentication

1. Click this link to open account & security settings in your account dashboard.
2. Click Two-Factor Authentication.
3. Next to Text Message, click Set Up.
4. Enter your account password and click Next. If you signed up with a social account, click Continue with [social account] to verify your credentials.
5. Choose your country from the drop-down menu.
6. Enter your cell phone number and click Submit.

If your account is set up to recover your email address by text message, the phone number you use for it auto-fills here. You can keep it the same or update it, but updating it changes it for your text message account recovery too.

Step 2 - Review your text messages

After a few seconds, you’ll receive a text message with your six-digit authentication code.

Step 3 - Type in your code

On your computer, enter the six-digit code, click Submit, then click Done.

Codes sent via text message expire after five minutes. If you have trouble logging in, visit Troubleshooting two-factor authentication.

Step 4 - Choose a backup method (optional)

In the window that appears, choose a backup method. You can use an authentication app or print backup codes, which is useful if you lose access to your phone.

If you prefer to receive authentication codes via text message, we recommend printing backup codes as your backup method.

Print backup codes

Printing your backup codes is optional, but we highly recommend it. You can use your backup codes to log into your site if you lose access to your phone.

1. In the two-factor authentication window, click View beside Backup Codes.
2. Enter your account password, or verify your credentials through the social account you signed up with.
3. Click Print Backup Codes.

Each time you click View, three new backup codes are generated, and any previous codes are invalidated. Ensure you keep the most recently generated backup code.

Logging in with two-factor authentication

The first time you log into your account after you enable two-factor authentication, you'll be prompted to enter an authentication code after you enter your email and password. Depending on your settings, you’ll get the code via an authentication app or a text message.

Authentication app

1. Open the authentication app on your phone.
2. Type the code from the app on the login screen.
3. If you’d like, select Remember this computer for 30 days.
4. Click Log In.

Tip: A new code is generated every 30 seconds and is valid for 60 seconds. If your code isn't accepted, check the app to see if there's a new code, or see Troubleshooting two-factor authentication.

Text message

1. Check your phone. After a few seconds, you should receive a new text message.
2. Type the code on the login screen.
3. To skip two-factor authentication on your device the next time you log in, select Remember this computer for 30 days.
4. Click Log In.

Using backup codes to log in

If you lose your phone or are unable to use your authenticator app, you can use the backup codes you printed during setup to access your account. Backup codes are generated in sets of three, and each code can be used one time.

To access your account:

1. Go to squarespace.com/login.
2. Enter your account email and password and click Log In.
3. Click Use a different method.
4. Click Backup code.
5. Type an unused backup code in the authentication code field and click Log in.
6. Your account will open.

Troubleshooting

If the backup code doesn't work, follow these troubleshooting steps:

• Type the code in, rather than copying and pasting it.
• Try a different code from the backup code list. Each code is single-use.

If these steps don't work, or if you don't have your backup codes, contact us.

Generate new codes

If you've used all your backup codes, or if you have access to your account but haven't yet printed your backup codes:

1. Click this link to open account & security settings in your account dashboard.
2. Click Two-Factor Authentication, then click View beside Backup Codes. This invalidates previous codes.

Generate an app password

When you use an app password, you can log into your Squarespace account from apps or devices that don't support two-factor authentication, such as our Developer Platform. To generate an app password:

1. Click this link to open account & security settings in your account dashboard.
2. Click App Passwords, then click Generate Password.
3. Give the password a label, then click Next.
4. Add your account password and click Next.
5. Copy the app password and click Done.
6. Use this app password to log into the app or device.

As long as two-factor authentication is enabled for your account, repeat these steps to generate a new app password any time you need to log into that app or device.

Disable two-factor authentication

To disable two-factor authentication:

1. Click this link to open account & security settings in your account dashboard.
2. Click Two-Factor Authentication.
3. Beside the authentication methods you've enabled, click Remove.
4. Enter your password.
5. Click Disable.

Keep in mind, disabling two-factor authentication also invalidates your backup codes. If you reactivate two-factor authentication, ensure you generate new backup codes.

Troubleshooting

For troubleshooting tips, visit Troubleshooting two-factor authentication.