Two-factor authentication (2FA), also known as multi-factor authentication (MFA) or two-step authentication, is an optional but recommended security feature for Mapbox accounts. Once enabled, users will be prompted to enter the account's password and a security code generated on registered mobile devices whenever they log in to the account. For more information, please refer to the documentation available at https://docs.mapbox.com/accounts/guides/settings/#two-factor-authentication.
To enable 2FA, you need to be logged into your account and navigate to the Security page. You'll be prompted to scan a barcode with your mobile device or type a code into password management services like 1Password. The recommended authenticator app is Google Authenticator, which is free and available for iOS and Android. For a Windows phone, use the Authenticator app. Your mobile device will display a 6-digit code, which you need to type into the field below the barcode to complete the process.
If you lose your two-factor device, you can use a recovery code to access your account. This code is a single-use code that lets you sign in without your two-factor device. To use the code, you’ll need your username or email and your password.
To use a recovery code, navigate to the Sign-in page, enter your account ID and password, then click Sign in. Click the Lost your mobile device? Link below the Sign-in button. A new field for the recovery code will appear. Enter your recovery code in the new field and click Sign in. Find instructions for using a recovery code in our Account documentation.
Please note that enabling 2FA for an account raises the likelihood that you or other users of the account may have trouble logging into the account in the future. Therefore, it's recommended to store 2FA recovery codes in a safe place and distribute them to new account owners when transferring ownership of an account.