Feature Request: Two Factor Authentication / 2FA on Accounts

Hi,

I would like to request that two-factor authentication (2FA) be implemented on the Netlify platform. To be specific, I’d like to request time-based one-time passwords (TOTP) through an application like Google Authenticator as well as U2F hardware tokens such as YubiKey and similar. 2FA through SMS is no longer considered a secure form of 2FA.

Netlify has control of some seriously important things, so protecting your account should require more than a standard password.

Please let me know what you think and if it is already in the roadmap.

Thanks,

5 Likes

Hi, welcome to the forums!

We’ve got it in our feature request list to add that if you’re signing up to Netlify with the email/password combo.

For now, though, we recommend that if you need 2FA then sign up to Netlify with your Google or GitHub account and enable hardware-specific 2FA on those instead, and that’ll grant you the equivalent level of protection.

1 Like

Thanks!

I had signed up using email and password because I like keeping my accounts separated in case one is compromised.

I’ll stay tuned to see if this ends up on the roadmap :slight_smile:

1 Like

We’ll let you know if we implement something like that - we do have an open feature request on it and will add this thread to the list of folks to notify if things change around our implementation.

1 Like

A post was split to a new topic: Signing up for netlify with google

Jamie caught my screw up on this thread: Signing up for netlify with google

Signing up with one of the repo providers and enabling 2-factor will give you the protection you seek. Ignore me saying Google. :wink:

1 Like

This is great, but I just want to reiterate that I’m using email login, not SSO. My request is to have 2FA for email users.

1 Like

@nraboy I’m with you, but I figured I’ve already authorised Netlify with GitHub and GitHub has U2F, so I deleted my Netlify account and re-signed up using my GitHub account. Note that you can change your Netlify email address having done that.

+1 for 2FA for email users.

I don’t want to use my GitHub or Google account, as I like to keep all my accounts separate too, like @nraboy, in case one is compromised, for extra privacy, and to avoid an extra dependency. I want to be free to delete any account I have anytime without compromising any others.

Thanks for commenting on this. We know this is a desirable feature for many different reasons. I have added your voice to the chorus on the issue, @danielrlc!

1 Like

@perry any ETA for this feature?

Hey @Wdotis, I don’t have any updates at the moment, I’m afraid, but I did mention that there is still a strong interest in this being implemented on the relevant issue. I’ll absolutely update this thread when we get any news. Thanks for your patience.

+1 I’d like to also voice my strong support for 2-factor on email+pass accounts. My email account is more secure than my GitHub/GitLab/BitBucket accounts, so it’s a shame that I can’t use 2-factor with it.

Netlify is the last major service I still use that doesn’t support 2-factor natively.

1 Like

Hey everyone!

You may have already heard, but in case you didn’t, Netlify now supports 2-FA (2-Factor Authentication) on accounts :flight_departure:

More info here:

Thank you all for your patience as we worked on implementing this :smiley:

1 Like

Invalid OTP message on 2FA using Microsoft Authenticator.

Oh no, how annoying. Can you give us a bit more info? Has this previously worked for you?

I have tried to enable 2FA with Microsoft Authenticator. When I scan the QR and enter the OTP code, it says invalid OTP. I can’t enable it.

Hmm. Thanks for letting us know! I will try and get more information. Are you able to use a different authentication device?

I just tested this (by installing Microsoft Authenticator on my phone and enabling 2FA on one of my Netlify accounts) and was able to get it working no problem! Doesn’t mean I don’t believe it’s happening to you, but maybe it is something specific to your phone or your account?

Are you able to log in via a different 2FA device? Are you able to log in to your Netlify account or are you logged out with no access? Let us know and we can keep troubleshooting.

1 Like

I have tried with Microsoft Authenticator and this time I am able to use it. Looks like something went wrong on the previous attempt.