Skip to main content
Two-factor authentication (2FA)

Increase security for your account by using multiple authentication steps.

Andrey Kirillov avatar
Written by Andrey Kirillov
Updated over a week ago

Two-factor authentication (2FA) enhances your Ahrefs account security by requiring a second verification step during sign-in. This significantly reduces the risk of unauthorized access to your account, even if your password is compromised.

Ahrefs supports two main types of 2FA methods:

  • Authentication apps

  • Hardware security keys

Additionally, you can use platform authenticators like Windows Hello, Face ID, or Touch ID once one of the primary authentication methods is configured.

Note: We recommend configuring at least two primary methods to avoid being locked out of your account if you lose access to one.

Configuring 2FA using an authentication app

Before you can use 2FA, you’ll need to install an authenticator app, such as Google Authenticator, on your mobile device.

To enable 2FA using an authenticator app, follow these steps:

  1. Go to Account settings > My account.

  2. Click the Add authentication method > Authentication app under the Two-factor authentication section.

  3. Use your authentication app to scan the QR code, then click Continue.

  4. Enter the 6-digit verification code generated by your authentication app.

  5. Store the provided backup code and click I have stored my backup code to complete the setup. This code is essential for accessing your account if you lose access to your authentication app.

The setup process is now complete. Every time you sign in, you'll need to enter a code generated by your authentication app in addition to your password.

Note: The codes generated by your authentication app are specific to the particular device and cannot be transferred. If you plan to switch to a new phone, you need to disable 2FA beforehand, and then re-enable it using your new phone.

Configuring 2FA using a security key

You can use a variety of security keys to enhance your account security. These include hardware security keys like YubiKey or Titan, as well as smartphones that can act as security keys.

To add your security key as a second authentication method, follow these steps:

  1. Go to Account settings > My account.

  2. Click the Add authentication method > Security key under the Two-factor authentication section.

  3. When prompted by the browser, plug in and tap your security key (the interface may vary depending on your OS and browser).

  4. Enter a name for your security key and click Continue.

  5. Store the provided backup code and click I have stored my backup code to complete the setup. This code is essential for accessing your account if you lose access to your authentication app.

The setup process is now complete. Every time you sign in, you'll need to use your security key in addition to entering your password.

Requiring 2FA for your workspace

If you are the workspace owner or admin, you can enforce 2FA for your workspace members. The Require two-factor authentication option can be found in Account Settings > Members.

Once enabled, every member who hasn't set up 2FA will be signed out and required to set up 2FA to continue accessing their accounts. Every new user invited to your team will also be required to set it up before joining if they haven’t already done so.

Trouble with 2FA

If you encounter issues with 2FA because you lost your phone or no longer have access to your authenticator app, use the backup code you saved during setup to disable 2FA.

If you don't have a backup code but are signed into a different browser session, you can generate a new backup code in Account Settings > My Account.

If you aren't signed in elsewhere and can't change your 2FA settings, take the following steps:

  • If you are a workspace owner, you may need to contact us at [email protected]. For security reasons, you will be asked to provide detailed information to confirm your identity. This process can be slow and may take several days. It's intentionally designed to be thorough, as the main objective of 2FA is to provide in-depth protection for your account against sophisticated attacks. We will prioritize the security of your account over the ease of access recovery.

  • If you're not a workspace owner, contact your workspace owner or admin to request a 2FA reset.

Resetting 2FA

A workspace owner or an admin can reset 2FA for any member of their workspace to help them access their account. The Reset two-factor authentication option can be found in Account Settings > Members.

Once requested, the member will receive an email and must confirm the reset by clicking a personalized link and following the instructions.

Did this answer your question?