Two-Factor Authentication (often abbreviated as 2FA), is a way to add an additional layer of security to your Disqus account. This is accomplished by requiring multiple forms of login to be completed before access to the account is granted.

With 2FA enabled, after you enter your account password, you'll be prompted to complete an additional step for login. This could be entering a code sent to your email address, or opening an authenticator app and entering the code supplied there into Disqus. Once the additional login measure has been completed, you'll be let into your account as usual.

A more in-depth guide to Two-Factor Authentication can be found here.

To set this up for your account, you'll want to navigate to the Two-Factor Authentication section of your account settings page. There, you can connect the method you'd like to use for your second layer of authentication.
​
If you have an authenticator app that you'd like to use, you can simply scan the QR code present on that page with the authenticator app on your mobile device, and follow the additional prompts to connect the app with Disqus.

Disqus 2FA should work with all authenticator apps that send a Time-Based One Time Password (TOTP). As long as your authenticator app of choice supports TOTP as an authentication method, it can be used.

If you'd prefer to authenticate via email instead, this is also supported. After logging in with your password, you'll receive an email with a numeric code and be redirected to a page where you can enter this numeric value. Simply enter this code into the "Code" field in Disqus, and you'll be logged into your account.
​

In addition to the authentication methods, the two-factor authentication section of your account settings page will also provide options to generate backup codes for access to your account.
​
We strongly recommend generating these backup codes, and storing them in a safe place in your local digital system. If for some reason you lose access to the authentication methods attached to your account, you will need to use these codes to regain access to your account.
​
Because 2FA is a security measure adding additional login security to your account, we cannot manually go around this to provide access to an account in cases where the authentication methods have been lost. Backup codes will be the only option for account access in cases where access to the 2FA authentication methods have been lost.

​

Can I add both Authenticator App and Email Authentication to my account?

Yes, you can enable both Authenticator App and Email Authentication to your Disqus account at the same time. When both are enabled, we will default to using the authenticator app.

If you have both installed and would like to use your Email Authentication, you can click the "Verify by email" option. This will send an authentication email and open the correct field for the numeric code sent to the email address on your account.

Can I add multiple Email addresses to my account?

No. At this time, we only support one email address on each Disqus account, for login and email authentication.

What happens if I enable 2FA and lose access to my account?

If you lose access to your email address but still have access to your authenticator app for 2FA authentication, you can still log in with your old email and password value, to update the email address on your account and verify the new address. If you've forgotten your password, a password reset email may be requested from disqus.com/forgot.

However, if you lose access to your 2FA authentication methods, your only option for access will be to use previously generated backup codes for access. Because of this, we strongly recommend generating and storing backup codes immediately after setting 2FA up on your Disqus account. In cases where the 2FA authentication methods have been lost and no backup codes have been generated, we will not be able to provide access to the account, and you will only be able to access your account if you have already generated and stored backup codes for account access.