> For the complete documentation index, see [llms.txt](https://oten.gitbook.io/identity-support/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oten.gitbook.io/identity-support/user-guide/account-management/account-security/multi-factor-authentication-optional/2fa-email-verification-codes.md).

# 2FA-Email verification codes

### Scope

This section explains how **email verification codes** work as a Multi-Factor Authentication (2FA) method for personal accounts, including:

* When email-based 2FA is enabled
* How the verification flow works during sign-in
* What users should expect after enabling 2FA

> 📌 This guide applies only to **email-based 2FA**. Other 2FA methods (Authenticator App, Passkey) are documented separately.

***

### I am new. Where should I start?

If you want to add an extra layer of security to your account without installing additional apps, **email verification codes** are the easiest way to start.

When you enable **Multi-Factor Authentication (2FA)** in your account settings:

* **Email verification is automatically enabled by default**
* No additional setup is required

*Security overview – 2FA enabled, email listed as active method*\
\&#xNAN;*(example:* `/security` *page showing MFA enabled status)*

<figure><img src="/files/XUY2IgSy9Far4cdfzi23" alt=""><figcaption></figcaption></figure>

***

### Purpose

Email verification codes help protect your account by requiring **a one-time code sent to your email** after you enter your password.

This ensures that:

* Even if someone knows your password, they cannot sign in without access to your email
* Account access remains under your control

***

### Prerequisites

Before using Email verification codes for MFA, make sure that:

* Your account email address is verified
* You can access your email inbox
* MFA is enabled in **account security settings**

<figure><img src="/files/VJgMDDaY1ZwxkmShaNdH" alt=""><figcaption></figcaption></figure>

***

### I already understand. How do I proceed step by step?

#### Step 1: Enable Multi-Factor Authentication

1. Go to **Account → Security**
2. Turn on **Multi-Factor Authentication**

✅ Once MFA is enabled, **email verification is automatically activated**\
(No additional configuration is required)

***

#### Step 2: Sign In with email and password

1. Open the **Sign In** page
2. Enter your email address and password
3. Click **Sign In**

***

#### Step 3: Verify with email code (second step)

* Select **email** as the verification method.

<figure><img src="/files/KfPAxxgTH74MFc0LudZk" alt=""><figcaption></figcaption></figure>

* Check your email inbox for the verification message.

**Note**: If you do not receive the verification code, see [What should I do if I don't receive a verification code when signing up or forgot password?](https://docs.oten.com/identity-support/user-guide/account-management/account-security)

* Enter the verification code provided.

<figure><img src="/files/GTy2PrDNlLAez9hEwVK2" alt=""><figcaption></figcaption></figure>

✅ Sign-in is completed automatically once the code is validated.

***

### What happens if I don’t receive the email?

If you don’t see the verification email:

* Check your s**pam / junk** folder
* Make sure your email address is correct
* Wait a few seconds and request a new code

***

### Security notes

* Email verification codes are **one-time use**
* Codes expire after a short period for security reasons
* Verification is required **each time you sign in** when MFA is enabled
* Email MFA can be combined later with:
  * Authenticator App (TOTP)
  * Passkeys (FIDO2 / WebAuthn)

***

### Summary

| Item             | Description                                  |
| ---------------- | -------------------------------------------- |
| MFA method       | Email verification codes                     |
| Setup required   | None (enabled automatically with MFA)        |
| Used during      | Sign-in after password                       |
| Delivery channel | Registered email address                     |
| Security level   | Medium (recommended baseline)                |
| Best for         | Users who want simple MFA without extra apps |
