Securing user access with two-factor authentication (2FA)

Two-factor authentication (2FA) improves account security by requiring a second piece of information to validate your identity when logging in. Learn how to configure two-factor authentication (2FA) to secure your Cloudflare account access.


Overview

Two-factor authentication (2FA) allows account owners to add an additional layer of login security to Cloudflare accounts. This additional authentication step requires you to provide both something you know, such as a Cloudflare password and something you have, such as an authentication code from a mobile device. 

To ensure that you can securely access your account even without access to your mobile device, i.e. a new phone, Cloudflare also provides backup codes for download. 

After downloading your backup codes, we recommend saving them in a secure location.

Super Administrators are the only users that can enable 2FA on Cloudflare accounts. As the account owner, you are automatically assigned the Super Administrator role. Once 2FA is enabled, all Cloudflare account members are required to configure 2FA on their mobile devices.

Free, Pro, and Business customers can only have one Super Administrator. Enterprise customers can have more than one Super Administrator and assign additional membership roles.

Enable two-factor authentication for your Cloudflare account

Only Super Administrators can enable 2FA on Cloudflare accounts.

To enable two-factor authentication for your Cloudflare login:

1. Log in to the Cloudflare dashboard.

2. Under the My Profile dropdown, click My Profile.

3. Click the Authentication tab. 

4. Scroll down to the Two-Factor Authentication section and click to toggle it to On.

2FA_enable.png


Configure two-factor authentication for your Cloudflare login

All Cloudflare account holders need to enable 2FA. If you are not a Super Administrator,

  • You will be forced to turn on 2FA prior to accepting the invitation to join a Cloudflare account as a member.
  • Choose your preferred authentication app and download it on your mobile device. There are several authentication apps available, including Google Authenticator. You will see a QR code. 

To enable 2FA:

1. Scan the QR code with your mobile device and enter the code from your authenticator app.

2. Enter your Cloudflare password, then click Next.

  • If you can't scan the QR code, click Can't scan QR code, Follow alternative steps to configure your authenticator app manually.

2FA_scan_QR_code.png

3. Enter your password and click Next again to see your backup review codes.

4. Once you see your backup codes, we recommend that you save them in a secure location. You can click Download, Print, or Copy to save the codes, then click Next.

2FA_review_and_backup_codes_v2.png

You can regenerate your backup codes on the following screen or at any time in the Authentication tab. 

5. Click Next on the backup code set up screen to Finish. You will see that Two-Factor Authentication is now On.

6. You also have the option to request a new set of backup codes. Click on regenerate them now to save a new set of two-factor backup codes.

2FA_configuration_complete.png


Disable two-factor authentication for your Cloudflare account.

Super Administrators are the only users that can disable 2FA on Cloudflare accounts. This causes 2FA to be disabled for all account members. 

To disable 2FA for your Cloudflare account:

1. Log in to the Cloudflare dashboard.

2. Under the My Profile dropdown, click My Profile.

3. Click the Authentication tab.

4. Scroll down to the Two-Factor Authentication section and click to toggle it to Off. You will see a confirmation screen.

5. Enter your password, an authenticator app code, or a backup code then click Disable.

2FA_disable.png


Restore lost access to Cloudflare two-factor authentication

The most common problems with 2FA are related to losing access to a mobile device or authentication code. In most cases, you can solve the issue by using a backup code or reviewing your preferred authentication app's documentation.

When setting up 2FA, you were prompted to save your backup codes in a secure location. To restore lost access using a Cloudflare backup code:

1. Retrieve the backup code from where you stored it.

2. Navigate to the Cloudflare login page.

3. Enter the backup code in the login screen, then click Log in.

2FA_backup_code_login_annontated.png

4. Once you use a backup code, it becomes invalid.

5.  If you attempt to re-enter a backup code or enter the wrong code, you will see an error message along the bottom of the screen. After multiple failed attempts, you will be prompted to log in again.

Some common authentication apps’ documentation for review:

If you still cannot log in to your Cloudflare account, contact support. You will be asked to verify your account ownership by making code changes to your origin server's content.


Related resources

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk