Users can now secure their accounts using Two-Factor Authentication (2FA) with Time-based One-Time Passwords (TOTP), commonly provided by authenticator apps like Google Authenticator or Authy. Your current Passkeys (WebAuthn keys) can also be used as second factors. 2FA adds an extra security layer to protect your account even if the initial login method is compromised.
To Enable 2FA:
Navigate to Authentication in Account Settings and enable 2FA
Log in using your existing method (email OTP or Git provider) as your first factor
Complete authentication with a TOTP authenticator as your second factor
Important information:
Passkey logins (WebAuthn) are inherently two-factor and won't prompt for additional verification
Team-scoped SAML SSO logins delegate authentication responsibility to your identity provider (IdP) and won't require an additional factor within Vercel
Visit your account settings to enable 2FA today, or check out our documentation to learn more.