MFA-Email verification codes

Scope

This section explains how email verification codes work as a Multi-Factor Authentication (MFA) method for personal accounts, including:

  • When email-based MFA is enabled

  • How the verification flow works during sign-in

  • What users should expect after enabling MFA

📌 This guide applies only to email-based MFA. Other MFA methods (Authenticator App, Passkey) are documented separately.

I am new. Where should I start?

If you want to add an extra layer of security to your account without installing additional apps, email verification codes are the easiest way to start.

When you enable Multi-Factor Authentication (MFA) in your account settings:

  • Email verification is automatically enabled by default

  • No additional setup is required

Security overview – MFA enabled, email listed as active method (example: /security page showing MFA enabled status)

Purpose

Email verification codes help protect your account by requiring a one-time code sent to your email after you enter your password.

This ensures that:

  • Even if someone knows your password, they cannot sign in without access to your email

  • Account access remains under your control

Prerequisites

Before using Email verification codes for MFA, make sure that:

  • Your account email address is verified

  • You can access your email inbox

  • MFA is enabled in account security settings

I already understand. How do I proceed step by step?

Step 1: Enable Multi-Factor Authentication

  1. Go to Account → Security

  2. Turn on Multi-Factor Authentication

✅ Once MFA is enabled, email verification is automatically activated (No additional configuration is required)

Step 2: Sign In with email and password

  1. Open the Sign In page

  2. Enter your email address and password

  3. Click Sign In

Step 3: Verify with email code (second step)

  • Select email as the verification method.

  • Check your email inbox for the verification message.

Note: If you do not receive the verification code, see What should I do if I don't receive a verification code when signing up or forgot password?

  • Enter the verification code provided.

✅ Sign-in is completed automatically once the code is validated.

What happens if I don’t receive the email?

If you don’t see the verification email:

  • Check your spam / junk folder

  • Make sure your email address is correct

  • Wait a few seconds and request a new code

🔗 See: What should I do if I don't receive a verification code when signing up or forgot password?

Security notes

  • Email verification codes are one-time use

  • Codes expire after a short period for security reasons

  • Verification is required each time you sign in when MFA is enabled

  • Email MFA can be combined later with:

    • Authenticator App (TOTP)

    • Passkeys (FIDO2 / WebAuthn)

Summary

Item

Description

MFA method

Email verification codes

Setup required

None (enabled automatically with MFA)

Used during

Sign-in after password

Delivery channel

Registered email address

Security level

Medium (recommended baseline)

Best for

Users who want simple MFA without extra apps

PreviousMulti-Factor Authentication (optional)NextMFA-Authenticator apps (TOTP)

Last updated