Followers:

Asked: Updated: Followers:

Note: While our most popular guides have been translated into Spanish, some guides are only available in English.
Protect your account with two-factor authentication

Last updated

Two-factor authentication, or 2FA, adds an extra layer of security to your account and Squarespace sites. When logging into your account, in addition to your email and password you'll enter a code generated by an authentication app on your smartphone.

You'll be asked for this code whenever you access your account from a new device. On each device, you'll have the option to disable code requests for 30 days.

This guide explains how to set up 2FA for your account.

Note: For added security, we recommend you follow these steps in a private place where your computer screen isn't visible to other people.

Watch a video

Step 1 - Download an authentication app

While you can use any authentication app, we recommend Google Authenticator. The app is available for Android and iOS devices.

Tip: The steps below should work for any authentication app, such as Authy or Duo, but if you have issues, reach out to your app's support team for more help.

Step 2 - Enable 2FA

  1. Log into your Squarespace Account Dashboard at https://account.squarespace.com.
  2. Click your profile icon, then Account & Security.

profile-picture.png

  1. Click Two-Factor Authentication.
  2. Click Set Up Two-Factor Authentication.
  3. Enter your account password and click Next.

Step 3 - Scan the QR code

Open the authenticator app on your phone to scan the QR code. If you're on mobile, you'll paste a code manually instead.

Tip: If your phone's camera is broken or unable to scan a QR code, log into your account on a mobile device and follow the mobile steps below.

For Google Authenticator, the steps are:

Desktop Mobile
  1. Open Google Authenticator. If this is your first time using the app, click Begin Setup. Otherwise, click the + icon.
  2. Click Scan barcode.
  3. Scan the QR code.

scan-qr.png

  1. Click Copy.

tap-copy.png

  1. Open Google Authenticator and click the + icon.
  2. Click Manual entry.
  3. Add your Squarespace account email.
  4. In the Key field, paste the code.
  5. Leave the Time Based toggle on, and click the ✓ icon in the top right.

A 6-digit number will appear.

Tip: A new 6-digit code is generated every 30 seconds, and is valid for 60 seconds.

logging-in.png

Step 4 - Type in your code

On your computer, type the 6-digit code in the Authentication Code field, then click Next.

Each code is valid for 60 seconds. If your code isn't accepted, check the app to see if there's a new code, or see our troubleshooting tips.

next.png

Step 5 - Print backup codes and finish

In the next window:

  1. Click Print Codes to print your backup codes. This is optional, but we highly recommend it. These backup codes will enable you to log into your site if you lose access to your phone.
  2. Click Done.
Tip: If you use mobile apps, you'll need to update them.

done.png

Logging in after enabling 2FA

The first time you log into your account, you'll be prompted to enter an authentication code after you enter your email and password. To find this code:

  1. Open the authenticator app on your phone.

6-digit-code.png

  1. Type the code from the app on the login screen.
  2. If you'd like, select Remember me for 30 days on this device.
  3. Click Submit.
Tip: A new code is generated every 30 seconds, and is valid for 60 seconds. If your code isn't accepted, check the app to see if there's a new code, or see our troubleshooting tips.

auth-code.png

"Code is incorrect" message

If you see a message that says Security code is incorrect or The two-factor code was incorrect, open your authenticator app and get a new code. In Google Authenticator, the code turns red for the last 5 seconds before the app generates a new code. Codes disappear after 30 seconds, but expire at 60 seconds. Once a code expires, you won't be able to use it to log in.

If trying a new code doesn't work, ensure your phone's time is set to automatically update to your local time zone. If you've manually set your phone to a different time, your authenticator codes won't work.

If you've used a fresh code and your phone's time is correct, but you still can't log in:

  • If you've already set up 2FA, try your backup codes.
  • If you're currently in the process of setting up 2FA, contact us.

Protecting multiple sites, accounts, and contributors

Enabling 2FA protects all sites on your account.

  • If you have multiple Squarespace accounts, enable 2FA for each of them.
  • If any of your sites have multiple contributors, your contributors can choose to enable 2FA for their own accounts. There isn't a way to enable it for them.

Using backup codes

If you lose your phone or are unable to use your authenticator app, you can use the backup codes you printed during setup to access your account. Backup codes are generated in sets of 10, and each code can be used one time.

To access your account:

  1. Go to your Squarespace Account Dashboard.
  2. Enter your account email and password and click Log In.
  3. Type an unused backup code in the Authentication Code field and click Submit.
  4. Your account will open.

Troubleshooting

If the backup code doesn't work, follow these troubleshooting steps:

  • Type the code in, rather than copying and pasting it.
  • Try a different code from the backup code list. Each code is single-use.

If these steps don't work, or if you don't have your backup codes, contact us.

Generate new codes

If you've used all your backup codes, or if you have access to your account but haven't yet printed your backup codes:

  1. Log into your Squarespace Account Dashboard.
  2. Click your profile icon, then Account & Security.
  3. Click Two Factor Authentication, then Get New Backup Codes.

Disable 2FA

To disable 2FA:

  1. Log into your Account Dashboard.
  2. Click your profile icon.
  3. Click Account & Security, then Two Factor Authentication.
  4. Click Disable Two Factor Authentication and enter your password.

2FA and mobile apps

If you use Squarespace mobile apps, ensure your app is up to date. If you can't log in after enabling 2FA, update the app to the most recent version.

If you log out of an app, you'll need an authentication code to log back in.

2FA and Developer Mode

If you have sites with Developer Mode enabled, your login when connecting with Git or SFTP will be deactivated after enabling 2FA. To log in:

  1. Log into your Squarespace Account Dashboard at https://account.squarespace.com.
  2. Click your profile icon, then Account & Security.
  3. Click App Passwords, then Generate Password.
  4. Give the password a label, then click Next.
  5. Add your account password and click Next.
  6. Copy the app password and click Done.
  7. Use this app password to connect with Git or SFTP.

This will be your password when connecting with Git or SFTP as long as 2FA is enabled. If you forget the password, generate a new one by repeating these steps.

I've lost or broken my phone

If you printed or saved your backup codes during setup, use them to access your account by following these steps. If you don't have your backup codes, contact us.

To set up an authenticator on a new phone, temporarily disable 2FA, then click Set Up Two Factor Authentication to set up 2FA again, starting with Step 3 above.

Was this article helpful?
5 out of 14 found this helpful

Related articles

Navigation
  1. Squarespace Help
  2. Technical Issues and Security
  3. Security
Protect your account with two-factor authentication