Protect your account with two-factor authentication

Two-factor authentication, or 2FA, adds an extra layer of security to your account and Squarespace sites.

When logging into your account, in addition to your email and password you'll enter a code generated by an authentication app on your smartphone. (Note: You won't receive a text message or email with this code.)

You'll be asked for a code whenever you access your account from a new device. On each device, you'll have the option to disable code requests for 30 days.

This guide explains how to set up 2FA for your account.

Note: For added security, we recommend you follow these steps in a private place where your computer screen isn't visible to other people.

Watch a video

Step 1 - Download an authentication app

While you can use any authentication app, we recommend Google Authenticator. The app is available for Android and iOS devices.

Tip: The steps below should work for any authentication app, such as Authy or Duo, but if you have issues, contact to your app's support team for more help.

Step 2 - Enable 2FA

Log into your Squarespace Account Dashboard at https://account.squarespace.com.
Click your profile icon, then Account & Security.

Click Two-Factor Authentication.
Click Set Up Two-Factor Authentication.
Enter your account password, and click Next.

Step 3 - Scan the QR code

Open the authenticator app on your phone to scan the QR code.

If you're changing your settings from a mobile device, the QR code won't display. Instead, you'll paste a code manually.

Tip: If your phone's camera is broken or unable to scan a QR code, log into your account on a mobile device and follow the mobile steps below.

For Google Authenticator, the steps are:

Desktop Mobile

Open Google Authenticator. If this is your first time using the app, click Begin Setup. Otherwise, click the + icon.
Click Scan barcode.
Scan the QR code.

Click Copy.

Open Google Authenticator and click the + icon.
Click Manual entry.
Add your Squarespace account email.
In the Key field, paste the code.
Leave the Time Based toggle on, and click the ✓ icon in the top right.

A 6-digit number will appear.

Tip: A new 6-digit code is generated every 30 seconds, and is valid for 60 seconds.

Step 4 - Type in your code

On your computer, type the 6-digit code in the Authentication Code field, then click Next.

Each code is valid for 60 seconds. If your code isn't accepted, check the app to see if there's a new code, or see our troubleshooting tips.

When your code is accepted, click Done.

Tip: If you use mobile apps, you'll need to update them.

Step 5 - Print backup codes (optional)

In the Two-Factor Authentication window, click Get Backup Codes. Enter your account password, then click Print Backup Codes.

This is optional, but we highly recommend it. These backup codes will enable you to log into your site if you lose access to your phone.

Logging in after enabling 2FA

The first time you log into your account, you'll be prompted to enter an authentication code after you enter your email and password. To find this code:

Open the authenticator app on your phone.

Type the code from the app on the login screen.
If you'd like, select Remember this computer for 30 days.
Click Log in.

Tip: A new code is generated every 30 seconds, and is valid for 60 seconds. If your code isn't accepted, check the app to see if there's a new code, or see our troubleshooting tips.

Screen_Shot_2018-12-05_at_3.06.58_PM.png

"Code is incorrect" message

If you see a message that says Security code is incorrect or The two-factor code was incorrect, open your authenticator app and get a new code. In Google Authenticator, the code turns red for the last 5 seconds before the app generates a new code. Codes disappear after 30 seconds, but expire at 60 seconds. Once a code expires, you won't be able to use it to log in.

If trying a new code doesn't work, ensure your phone's time is set to automatically update to your local time zone. If you've manually set your phone to a different time, your authenticator codes won't work.

If you've used a fresh code and your phone's time is correct, but you still can't log in:

If you've already set up 2FA, try your backup codes.
If you're currently in the process of setting up 2FA, contact us.

Protecting multiple sites, accounts, and contributors

Enabling 2FA protects all sites on your account.

If you have multiple Squarespace accounts, enable 2FA for each of them.
If any of your sites have multiple contributors, your contributors can choose to enable 2FA for their own accounts. There isn't a way to enable it for them.

Using backup codes

If you lose your phone or are unable to use your authenticator app, you can use the backup codes you printed during setup to access your account. Backup codes are generated in sets of three, and each code can be used one time.

To access your account:

Go to your Squarespace Account Dashboard.
Enter your account email and password and click Log In.
Click Use a different method.
Click Backup code.
Type an unused backup code in the authentication code field and click Log in.
Your account will open.

Troubleshooting

If the backup code doesn't work, follow these troubleshooting steps:

Type the code in, rather than copying and pasting it.
Try a different code from the backup code list. Each code is single-use.

If these steps don't work, or if you don't have your backup codes, contact us.

Generate new codes

If you've used all your backup codes, or if you have access to your account but haven't yet printed your backup codes:

Log into your Squarespace Account Dashboard.
Click your profile icon, then Account & Security.
Click Two Factor Authentication, then Get Backup Codes.

Generate an app password

App passwords let you sign in to your Squarespace account from apps or devices that don't support 2FA, such as Squarespace Logo. To generate an app password:

Log into your Squarespace Account Dashboard at https://account.squarespace.com.
Click your profile icon, then Account & Security.
Click App Passwords, then Generate Password.
Give the password a label, then click Next.
Add your account password and click Next.
Copy the app password and click Done.
Use this app password to log into the app or device.

As long as 2FA is enabled for your account, repeat these steps to generate a new app password any time you need to log into that app or device.

Disable 2FA

To disable 2FA:

Log into your Account Dashboard.
Click your profile icon.
Click Account & Security, then Two Factor Authentication.
Click Disable Two Factor Authentication and enter your password.

2FA and mobile apps

If you use Squarespace mobile apps, ensure your app is up to date. If you can't log in after enabling 2FA, update the app to the most recent version.

If you log out of an app, you'll need an authentication code to log back in.

2FA and Developer Mode

If you have sites with Developer Mode enabled, once you've enabled 2FA your regular password won't work when connecting with Git, SFTP, or command line.

To log in, generate an app password. If you need to log in again while 2FA is enabled, generate a new app password by repeating the same steps.

I've lost or broken my phone

If you printed or saved your backup codes during setup, use them to access your account by following these steps. If you don't have your backup codes, contact us.

To set up an authenticator on a new phone, temporarily disable 2FA, then click Set Up Two Factor Authentication to set up 2FA again, starting with Step 3 above.

I can't install an authenticator app

Currently, the only way to use 2FA with your Squarespace account is to install an authenticator app on your smartphone. We chose this method because it's the most secure authentication option.

If you don't have a smartphone or aren't able to install apps, visit Security tips for protecting your account to see other options for increasing your account security.