Protect your account with two-factor authentication

Two-factor authentication, sometimes shortened to 2FA, adds an extra layer of security to your account and all of the subscriptions on your account.

When logging into your account, you’ll enter an authentication code as an additional step. Depending on your settings, the code you enter is generated by an authentication app on your smartphone or sent to you via text message. After you log in, you can skip two-factor authentication for 30 days.

If any of your sites have multiple contributors, your contributors can choose to enable two-factor authentication for their own accounts. There isn't a way to enable it for them.

Tip: For added security, follow these steps in a private place where other people can't see your screen.

Choose your authentication method

You can receive your authentication code via an authentication app or have the code texted to you. Use this section to compare your options. It’s best to enable only one of these methods. Enabling both doesn’t make your account more secure.

Authentication app

• The most secure option
• Avoids login issues with limited cell coverage
• Available anywhere, as long as you download an authentication app
• Requires several steps to enable, which you must repeat if you get a new phone

Text message

• Quick to set up and use
• Widely used on other apps and services
• Only available if your phone number is from one of these countries
• Less secure than using an authentication app, although protecting your account with any two-factor authentication method is always more secure.

Note: If you enable both options, you won’t receive a text message immediately. Use the code generated by the authentication app instead. To receive a text message, click Use a different method, then select Text Message.

Enable two-factor authentication via an authentication app

Step 1 - Download the authentication app

While you can use any authentication app, we recommend Google Authenticator. The app is available for Android and iOS devices.

• Download for Android
• Download for iOS

Tip: The steps below should work for any authentication app, such as Authy or Duo, but if you have issues, contact your app's support team for more help.

Step 2 - Enable two-factor authentication

1. Open the Account & Security settings in your account dashboard.
2. Click Two-Factor Authentication.
3. Next to Authentication App, click Set Up.
4. Enter your account password and click Next. If you signed up with a social account, click Continue with [social network] to verify your credentials.

Step 3 - Scan the QR code

Open the authenticator app on your phone to scan the QR code.

If you're changing your settings from a mobile device, the QR code won't display. Instead, you'll paste a code manually.

Tip: If your phone's camera is broken or unable to scan a QR code, log into your account on a mobile device and follow the mobile steps below.

Follow these steps for Google Authenticator:

Step 4 - Enter the code

A six-digit number will appear on the Google Authenticator app. Enter this code in your Squarespace account and click Confirm.

A new code is generated every 30 seconds and is valid for 60 seconds. If your code isn't accepted, check the app for a new code, or review our troubleshooting tips.

Step 5 - Choose your backup method (optional)

After your code is accepted, you can copy or download your codes and save them to your device. It's recommended to save these codes somewhere secure and accessible, as you may need to use a backup code to log in if you lose your device.

• To save your backup codes to your device, click Copy codes or Download codes.
• To print out your codes, choose the Download codes option, then print the downloaded file.
• To close the setup screen, click Done in the top-left corner.

Enable two-factor authentication via text message (sms)

You can set up two-factor authentication via text message if your phone number is from one of the following countries:

• United States
• Australia
• Canada
• Ireland
• United Kingdom

Step 1 - Enable two-factor authentication

1. Open the Account & Security settings in your account dashboard.
2. Click Two-factor authentication.
3. Next to Text message, click Set Up.
4. Enter your account password and click Next. If you signed up with a social account, click Continue with [social account] to verify your credentials.
5. Select your country from the Country drop-down menu.
6. Enter your mobile phone number, and click Send Code.

If your account is set up to recover your email address by text message, the phone number you use for it auto-fills here. You can keep it the same or update it, but updating it changes it for your text message account recovery too.

Step 2 - Enter the code

After a few seconds, you’ll receive a text message with your six-digit authentication code. Enter this code in your Squarespace account, then click Confirm.

Codes sent via text message expire after five minutes. If you have trouble logging in, visit Troubleshooting two-factor authentication.

Step 3 - Choose your backup method (optional)

After your code is accepted, you can copy or download your codes and save them to your device. It's recommended to save these codes somewhere secure and accessible, as you may need to use a backup code to log in if you lose your device.

• To save your backup codes to your device, click Copy codes or Download codes.
• To print out your codes, choose the Download codes option, then print the downloaded file.
• To close the setup screen, click Done in the top-left corner.

Logging in with two-factor authentication

The first time you log into your account after you enable two-factor authentication, you'll be prompted to enter an authentication code after you enter your email and password. Depending on your settings, you’ll get the code via an authentication app or a text message.

Authentication app

1. Open the authentication app on your phone.
2. Enter the code from the app on the login screen.
3. To skip two-factor authentication on your device the next time you log in, select Remember this computer for 30 days.
4. Click Log In.

Text message

1. After a few seconds, you should receive a new text message.
2. Enter the code on the login screen.
3. To skip two-factor authentication on your device the next time you log in, select Remember this computer for 30 days.
4. Click Log In.

Using backup codes to log in

If you lose your phone or are unable to use your authenticator app, you can use the backup codes you copied or downloaded to access your account. Backup codes are generated in sets of eight, and each code can only be used once.

To access your account:

1. Go to squarespace.com/login.
2. Enter your account email and password and click Log In.
3. Click Use a different method.
4. Click Backup code.
5. Enter an unused backup code in the authentication code field and click Log in.
6. Your account will open.

Troubleshooting

If the backup code doesn't work, follow these troubleshooting steps:

• Type the code in, rather than copying and pasting it.
• Try a different code from the backup code list. Each code is single-use.

If these steps don't work, or if you don't have your backup codes, contact us.

Generate new codes

If you've used all your backup codes, or want to copy or download your backup codes:

1. Open the Account & Securitysettings in your account dashboard.
2. ClickTwo-factor authentication, then clickGenerate new codes next toBackup codes. This invalidates previous codes.

Generate an app password

When you use an app password, you can log into your Squarespace account from apps or devices that don't support two-factor authentication, such as our Developer Platform. To generate an app password:

1. Click this link to open account & security settings in your account dashboard.
2. Click App Passwords, then click Generate Password.
3. Give the password a label, then click Next.
4. Add your account password and click Next.
5. Copy the app password and click Done.
6. Use this app password to log into the app or device.

As long as two-factor authentication is enabled for your account, repeat these steps to generate a new app password any time you need to log into that app or device.

Disable two-factor authentication

To disable two-factor authentication:

1. Click this link to open account & security settings in your account dashboard.
2. Click Two-Factor Authentication.
3. Next to the authentication method you've enabled, click Turn off.
4. Log in to your account.
5. Click Turn off.

Keep in mind, disabling two-factor authentication also invalidates your backup codes. If you reactivate two-factor authentication, ensure you generate new backup codes.

Troubleshooting

For troubleshooting tips, visit Troubleshooting two-factor authentication.