Stripe

Support

How do I enable two-step authentication?

Two-step authentication protects your Stripe account with an additional level of security. When you log in from a new device, we’ll ask for both your password and a unique code from your mobile device. Even if someone has your password, they will not be able to log into your account without also having access to your mobile device.

Keeping your Stripe account safe is important. If compromised, your finances, customer details, and transaction information are at risk.

We support two primary methods of two-step authentication: text messaging (SMS) and mobile apps. For more advanced users, we also support U2F hardware authentication. We recommend setting up both primary methods, to prevent being locked out of your account if you lose access to one. (If you are locked out of your account, please see how to recover your account.)

Important: Currently we only support one device for each primary method (i.e. you may only have one SMS phone number and one mobile app) although this may change in future.

Text message (SMS)

To set up your phone to receive codes via text:

  1. Go to your user profile.
  2. Click Add under the Two-step authentication section.
  3. Select Add SMS. You will be asked to enter your phone number. Enter your phone number and click Continue.
  4. You will be texted a unique security code to confirm that we’ve got the right phone number. Note that it may take a minute or two to receive your security code.

The setup process is complete! We’ll request a code if you log in from a new device, as well as periodically to make sure it’s still you.

Two-step authentication mobile app

You may also use a two-step authentication mobile app, such as the free Google Authenticator (available for iOS and Android). There are other options, such as Authenticator Plus and Duo Mobile.

To set up two-step verification with Google Authenticator (other apps are similar):

  1. Go to your user profile.
  2. Click Add under the Two-step authentication section.
  3. Select Add Google Authenticator. You will be asked to scan the barcode on your screen with your mobile device’s camera.
  4. Confirm the code that is shown on your device to finish the setup.

The setup process is complete! We’ll request a code if you log in from a new device, as well as periodically to make sure it’s still you.

Important: These codes are specific to that particular device and cannot be transferred. If you are going to switch to a new phone or wipe your phone, you’ll need to disable two-step authentication before you do so, then re-enable it using your new phone.

Emergency backup code

At the end of either setup process, we’ll display an emergency backup code. This code is only displayed once, so be sure to write it down and store it somewhere safe. If your mobile device is ever lost or stolen, you can use this code to disable two-step authentication on your account.

If you lose your code but still have access to your account, you can generate a new emergency backup code from your two-step authentication settings. If you lose access to both your mobile device and your recovery code, you’ll need to contact us to help you back into your account.

FIDO U2F hardware security keys

Once you have enabled two-step authentication via SMS or a two-step mobile app, you have the additional option of adding one or more FIDO U2F security keys. Security keys are devices that connect to your computer via USB, Bluetooth, or NFC, and provide an additional form of two-step authentication.

Note that FIDO U2F is only compatible with certain web browsers.

To set up two-step authentication with a security key:

  1. Click Add under the Two-step authentication section. (Note: you must have already setup two-step verification by either SMS or a two-step mobile app.)
  2. Select Add security key.
  3. When prompted, plug-in and tap your security key.
  4. Next, provide a name for your security key. This is a helpful way to tell them apart if you decide to add multiple security keys.

Similar to the other methods, we will require this key for any new devices, as well as periodically to confirm the device is still yours.

Was this answer helpful? Yes / No